On Tue, Aug 31, 2004 at 05:20:47PM +0000, daveshawley@xxxxxxxxxxx wrote:
> Hello again,
>
> I raised this question about a year or so ago on this list. Now that I have
> some time to look into it again, I was wondering what exactly are the terms
> of distributing Ethereal (as-is) and also distributing plug-in dissectors for
> various protocols. I am asking this question because my employer would like
> to distribute Ethereal on our distribution disks so that our field engineers
> have access to such a fine tool.
If you are only distributing it within your organization, then you can make
whatever changes you want without releasing anything. When you
redistribute outside of your organization (e.g. to customers or
contractors,) then you must make the original source code and any
changes available (including the source to your plugin, since it seems
that the required file plugins/plugin_api.h is required, which is
GPL'd.)
> In my original post, I was assuming that we were not going to be able to
> make the source code to our dissectors available. Now that we are revisiting
> the issue, [they] have decided that it is probably permissible to make the
> source code for some of our internal dissectors available upon request. The
> tool will be made available on our distribution disks which are generally only
> used by our internal personnel; however, the customer has a copy of the
> disks so they should be considered recipients of the package as well - hence
> my employer's concern about exposing [possibly] proprietary protocols.
> (Please don't flame me to hard here... I'm just a software engineer and,
> believe it or not, there are a large number of closed protocols and networks
> out there.)
You can't just "make the source available." You have to make the source
available *under the GPL*.
> I guess what it really comes down to is: "what source code must be made
> available?" My interpretation of the license is that we have to retain the
> various notices as well as make our distributed dissectors available in source
> form. This does not include our core products... correct? Our intent is to use
> Ethereal as a diagnostic tool only - it is not being added to our product line
> to provide an enhanced feature or anything like that.
If you distribute an executable version, then you need to make the
source for that version available. AFAICT, since it's still available
on ethereal.com, it's available to whomever you distribute (the
unmodified version) to. If you add code, then distribute an executable
to someone outside your organization, then you must make that code GPL.
> Any thoughts are appreciated. Having a network analyzer available on our
> servers would make my job much, much easier.
You can always distribute the unmodified version to customers and SEs to
capture the data, then use a version that actually decodes those
protocols internally for analysis. You could also give a modified
version to your SEs, but then it's only a matter of time before an SE
trying to make his quarterly quota give it to a customer to try to
garner favor ;) At that point you are just asking to get sued by the
EFF.
--
GPG public key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9D5B8762
