243 lines
8.0 KiB
Plaintext
243 lines
8.0 KiB
Plaintext
%include "default.mgp"
|
|
%default 1 bgrad
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
%nodefault
|
|
%back "blue"
|
|
|
|
%center
|
|
%size 7
|
|
|
|
GPL compliance
|
|
in the
|
|
Embedded and Mobile Market
|
|
|
|
|
|
%center
|
|
%size 4
|
|
by
|
|
|
|
Harald Welte <laforge@gpl-violations.org>
|
|
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Introduction
|
|
|
|
|
|
Who is speaking to you?
|
|
|
|
an independent Free Software developer
|
|
who earns his living by Free Software since 1997
|
|
who is one of the authors of the Linux kernel firewall system called netfilter/iptables
|
|
who has started gpl-violations.org to enforce license compliance
|
|
who IS NOT A LAWYER
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Disclaimer
|
|
|
|
|
|
Legal Disclaimer
|
|
|
|
All information presented here is provided on an as-is basis
|
|
There is no warranty for correctness of legal information
|
|
The author is not a lawyer
|
|
This does not comprise legal advice
|
|
The authors' experience is mostly limited to German copyright law
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Embedded Linux (traditionally)
|
|
|
|
|
|
The traditional embedded [Linux] industry
|
|
is selling high-quality products for markets like industrial automatization
|
|
is typically composed by SME with very high skill level
|
|
typically has relatively low quantities and thus high price
|
|
typically has a relatively good reputation of GPL compliance
|
|
thus not really a big problem maker
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Embedded Linux (mass market)
|
|
|
|
|
|
The mass-market embedded industry
|
|
has very long supply chains
|
|
very few entities in that chain understand the product
|
|
often unclear who truly originates a GPL violation
|
|
elements of the supply chain distributed over many jurisdictions
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Embedded Linux Industry
|
|
|
|
|
|
How does that industry work?
|
|
chipset maker develops a chipset for a given application
|
|
%pause
|
|
chipset maker develops Board Support Package (BSP)
|
|
%pause
|
|
some board-level maker produces a reference board
|
|
%pause
|
|
reference board + BSP are used by all other companies to build their products
|
|
%pause
|
|
some big OEM customers buy the products
|
|
not knowing or not asking what is in the product
|
|
%pause
|
|
the OEM sells its products through regular consumer electronics distributors
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Embedded Linux Industry
|
|
|
|
How does that industry work, further complications
|
|
the BSP might not be provided by the chipset maker itself
|
|
they might have partnered with some other entity whom they might [erroneously?] think has better Linux skills
|
|
it might be an alternative 3rd party BSP
|
|
or it might be an improvement over the original BSP
|
|
%pause
|
|
the OEM might deliver its products to a telco or ISP who [sometimes exclusively] distributes the product bundled with its DSL / cable data services
|
|
%pause
|
|
the OEM might need to partner with some other company in order to get such an ISP/telco deal
|
|
%pause
|
|
any entity in the supply chain will push their own requirements down the chain
|
|
%pause
|
|
the board maker might not be able to have the skill, so they hire some 3rd party developers to hack the BSP to fulfill those requirements
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Embedded Linux Industry
|
|
|
|
Other important facts about that industry
|
|
even those companies which you perceive as key players are nothing more than brands
|
|
most well-known names like D-Link, Linksys, Netgear, Belkin, ... don't do their own R&D
|
|
they purchase/source on a per-device basis, i.e. every device might come from a different supplier, each with its own [software] architecture
|
|
%pause
|
|
business relationships are very ad-hoc
|
|
e.g. at the time the consumer buys the product, the board maker might no longer do business with the BSP provider
|
|
thus, limited economic pressure can be excerted onto them
|
|
%pause
|
|
many of the companies in that industry apparently don't even have basic engineering policies like use of a revision control system, so they might e.g. have lost the source code at the time somebody requests it as part of GPL compliance
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Embedded Linux Industry
|
|
|
|
|
|
Specific problems we're seeing
|
|
an incredible amount of technical incompetence
|
|
almost nobody in the supply chain understands the product and its software architecture / components
|
|
%pause
|
|
this leads to incomplete source code releases that
|
|
don't have "complete corresponding source code" (GPLv2)
|
|
scripts to control compilation and installation
|
|
%pause
|
|
thus are impossible to actually compile into object code
|
|
%pause
|
|
contain GPL violations in itself (derivative works with proprietary components)
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Complete Source Code
|
|
|
|
%size 3
|
|
"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
|
|
|
|
For standard C-language programs, this means:
|
|
Source Code
|
|
Makefiles
|
|
compile-time Configuration (such as kernel .config)
|
|
|
|
General Rule:
|
|
Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so.
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GPL Compliance in the Embedded Market
|
|
Control Scripts
|
|
|
|
|
|
The "Scripts"
|
|
(scripts to control compilation and installation, see earlier slide)
|
|
In case of embedded hardware, the "scripts" include:
|
|
Tools for generating the firmware binary from the source (even if they are technically no 'scripts')
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Practical Source Code Offer
|
|
|
|
|
|
Completeness
|
|
The "complete corresponding source code" has to be made available
|
|
%pause
|
|
It has to be made available for each and every object-code version that was distributed
|
|
%pause
|
|
If you strip down the source code offer (e.g. remove proprietary source code), try to see whether the result actually compiles
|
|
%pause
|
|
I would argue that 75-90% of all "GPL source code" offers are incomplete and thus of limited practical usefullness
|
|
%pause
|
|
Many companies fail miserably at this
|
|
we end up in a cycle of source code updates, reviews, updates, reviews.
|
|
%pause
|
|
Supplying the complete source is a _condition_ for using the GPL'd code in the first place
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
The most common mistakes
|
|
|
|
The most common mistakes
|
|
%pause
|
|
not even once reading the GPL text and/or the FAQ from the FSF
|
|
%pause
|
|
not including the GPL license text with the product
|
|
%pause
|
|
not including a written offer with the product
|
|
%pause
|
|
not considering that the GPL also applies to software updates
|
|
%pause
|
|
only providing original source code (e.g. vanilla kernel.org kernel)
|
|
%pause
|
|
not including the "scripts to control installation"
|
|
%pause
|
|
only providing off-site hyperlinks to license and/ore source code
|
|
%pause
|
|
not responding to support requests for source code
|
|
%pause
|
|
charging rediculously high fees for physical shipping of source code
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
GNU GPL - Copyright helps Copyleft
|
|
The End
|
|
|
|
|
|
%size 4
|
|
Further reading:
|
|
%size 4
|
|
The http://gpl-violations.org/ project
|
|
%size 4
|
|
The Free Software Foundation http://www.fsf.org/, http://www.fsf-europe.org/
|
|
%size 4
|
|
The GNU Project http://www.gnu.org/
|
|
%size 4
|
|
The netfilter homepage http://www.netfilter.org/
|
|
%% http://management.itmanagersjournal.com/management/04/05/31/1733229.shtml?tid=85&tid=4
|
|
|
|
|