gpl compliance in the embedded and mobile market

introduction
the traditional embedded [Linux] industry
is selling high-quality products for markets like industrial automation
is typically composed of SMEs with a very high skill level
typically has relatively low quantities and thus high price
typically has a relatively good reputation of GPL compliance
thus not really a big problem maker

the mass-market embedded industry
has very long supply chains
very few entities in that chain understand the product
often unclear who truly originates a GPL violation
elements distributed over many jurisdictions

how does that industry work
chipset maker develops a chipset for a given application
chipset maker develops Board Support Package (BSP)
some board-level maker produces a reference board
reference board + BSP are used by all other companies to build their products
some big OEM customers buy the products
not knowing or not asking what is in the product
the OEM sells its products through regular consumer electronics distributors

how does that industry work, further complications
the BSP might not be provided by the chipset maker itself
they might have partnered with some other entity whom they might [erroneously?] think has better Linux skills
it might be an alternative 3rd party BSP
or it might be an improvement over the original BSP
the OEM might deliver its products to a telco or ISP who [sometimes exclusively] distributes the product bundled with its DSL / cable data services
the OEM might need to partner with some other company in order to get such an ISP/telco deal
any entity in the supply chain will push their own requirements down the chain
the board maker might not have the skill, so they hire some 3rd party developers to hack the BSP to fulfill those requirements

some other important facts about that industry
even those companies which you perceive as key players are nothing more than brands
most well-known names like D-Link, Linksys, Netgear, Belkin, ... don't do their own R&D
they purchase/source on a per-device basis, i.e. every device might come from a different supplier, each with its own [software] architecture
business relationships are very ad-hoc
e.g. at the time the consumer buys the product, the board maker might no longer do business with the BSP provider
thus, limited economic pressure can be exerted onto them
many of the companies in that industry apparently don't even have basic engineering policies like use of a revision control system, so they might e.g. have lost the source code at the time somebody requests it as part of GPL compliance

specific problems we're seeing
an incredible amount of technical incompetence
almost nobody in the supply chain understands the product and its software architecture / components
this leads to incomplete source code releases that
don't have "complete corresponding source code" (GPLv2)
scripts to control compilation and installation
thus are impossible to actually compile into object code
contain GPL violations in themselves (derivative works with proprietary components)