Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linksys Still In Violation of the GPL?

Posted by Hemos on from the fess-up-and-correct dept.

A reader writes:"From a recent post to LKML: "...Clearly, the kernel source that Linksys provided cannot be used to recreate the kernel that they are shipping with their product. Therefore, they have been, and still remain in violation of the GPL." Several heavy hitters have signed this one, including Jeremy Allison and Alan Cox." There's also commentary from David Turner and Bradley Kuhn of the FSF.

10 of 603 comments (clear)

  1. Re:Why should they? by BorgDrone · · Score: 5, Informative

    If you use GPL, you are supposed to reveal ALL the code you have even if it parts of it was designed completely independently?

    You have to release all sourcecode that is part of a derived work of the GPL software.

    Since a modified kernel is a derived work of the original GPL-ed kernel they have to release the source to their modified kernel.

  2. "Linksco"? by Lodragandraoidh · · Score: 5, Informative

    The merging of Linksys and Cisco was seen by some to be a good thing.

    However it appears that culture of 'security through obscurity', as seen in Cisco router firmware apps has found its way into the Linksys product line, to the detriment of the GPL contract.

    What Cisco is doing is wrong - plain and simple. If Cisco chooses to use copyrighted material under the GPL, they need to live up to their responsibilities under that license. I urge Cisco/Linksys to fix the problem before things get out of hand. You can't participate in the free/opensource software community half way.

    --

    Lodragan Draoidh
    The more you explain it, the more I don't understand it. - Mark Twain
  3. Re:oops. by Jonah+Hex · · Score: 5, Informative
    I believe your thinking of this Slashback story with a response from the Linksys PR rep.
    Calm down that jerking knee, then apply ice. In response a post which raised the question of whether Linksys was in violation of the GPL by not distributing, nor offering links to, the source code for the software controlling their 802.11g base stations. A representative from Linksys-PR sent in this note about the "missing" source code:

    Linksys is a strong proponent of both Linux and the Open Source movement. The code within our routers is using User Space code without linking dynamically or statically to any GPL (GNU GENERAL PUBLIC LICENSE) code. Any code which does not have a static or dynamic link to anything covered by the General Public License is not GPL'ed, and can be considered closed source.

    We regret it took some time to respond to this posting. To assure timely responses to inquiries like this in the future, please use the following procedure which complies with the requirements of the General Public License:

    1. Please put your request in writing or in an email addressed to info@Linksys.com
    2. You have to request the code for the specific modules you want. It is not valid to issue a request for any "code you may be using."
    3. Technically, you are also supposed to provide us with a self-addressed stamped envelope, along with funds to cover the cost of providing the code to you. But Linksys will handle requests on a case-by-case basis. Thank you."

    However there's been a couple of additional stories since then about new Linksys GPL releases.

    Linksys Releases GPLed Code for WRT54G They released their code mods on their website.
    Linksys and the GPL, Again Missing code mods from the Linksys webpage.

    Obviously this is something that's going to take awhile to work out, not only with Linksys but other companies that are enjoying the riches of open source code.

    Jonah Hex
    --
    Horror & SciFi Erotic Nudes
  4. TROLLING by 110010001000 · · Score: 3, Informative

    Everyone:

    My above post was an intentional troll. It is to prove a few points about the ridiculous nature of the moderation system on slashdot.

    1) If you post quickly, you will have a chance to be read and moderated. This system rewards those who post without spending time to think about or read the article(s) involved. I think at least an hour should pass before any posts are made public, and those posts should be posted in random order. The main problem is that the posts at the "top" get modded, while the others get ignored.

    2) The most ridiculous assertions (our proprietary code is not licensed under the GPL and is therefore not released) is modded up a 4-INFORMATIVE??? already?

    3) You cannot trust anything that is said on an anonymous forum such as this. Don't take it so seriously.

    Thank You,
    Bill Gates

  5. Re:Kernel modules need not be GPL'd by _Upsilon_ · · Score: 3, Informative

    That's exactly the issue. The have modules, but for their modules to work they added to the core kernel. The pieces that have been added to the kernel need to be GPL'd.

  6. Re:Something I've always wondered by michael_cain · · Score: 5, Informative
    I know of no way other than being able to compile and run the resulting binary to verify that the source code provided is indeed the correct, working source code. Your point about the custom compiler may be valid -- that is, I'll give you my source code changes, but they are specific to a particular compiler you do not have. Given full source code, you can presumably port it to whatever compiler you do have. However, there would certainly be lines across which said custom compiler could not step (IMO) and have the whole thing remain GPL-compliant.

    For example, one of the Bell Labs' UNIX gods (I forget which) demonstrated how a C compiler could (a) insert backdoor binary code into applications it was compiling and (b) recognize when it was compiling itself and insert the backdoor-inserting code. Thus none of the source files, for either the compiler or the application, showed that there was a backdoor. They were making the point that the system is not secure if you're initially dependent on some chunk of binary code (or at least you have to analyze that binary, which is much more difficult).

    In this GPL example, if the custom compiler inserted binary code needed to build a working program, and no other compiler working strictly from the source could produce a working program, there's pretty clearly a violation.

  7. Re:oops. by ninewands · · Score: 4, Informative
    As Linksys PR said:
    Linksys is a strong proponent of both Linux and the Open Source movement. The code within our routers is using User Space code without linking dynamically or statically to any GPL (GNU GENERAL PUBLIC LICENSE) code. Any code which does not have a static or dynamic link to anything covered by the General Public License is not GPL'ed, and can be considered closed source.

    I beg to differ with their position wrt the correctness of their analysis on how to go about withholding some of their code as 'closed source.'

    As an example of the RIGHT way to do this (whether you agree with the politics of it or not), I would submit that Nvidia withholds the source to their binary-only video drivers, but makes the glue code that adapts it to a specific kernel freely available. In addition, NOT having the source to the Nvidia drivers in no way impedes my ability to compile a kernel.

    The fact that it is not possible to configure, much less compile, the kernel tree available from Linksys's GPL software page indicates that they have withheld code which SHOULD be released under the GPL because of how tightly it is interwoven into the kernel code.

    Just my US$0.02
    --
    utter rubbish
  8. Re:Kernel modules need not be GPL'd by sudog · · Score: 3, Informative

    You're not reading the article. There are static modifications to the Linux kernel that aren't being released. It's not a question of "if modules" or "then they're ok". It's clear in the linked article! Sheesh!

    Cripes, people. RTFA!

  9. FSF Response: Cool Down by Royster · · Score: 4, Informative
    Found on the LKML list.


    Subject: Linksys/Cisco GPL Violations
    From: David Turner (novalis@fsf.org)
    Date: Mon Sep 29 2003 - 10:22:47 AKDT

    To Linux Developers Concerned about the Linksys/Cisco GPL Violations:

    We are in ongoing negotiating with Linksys/Cisco about this issue. Information from Andrew Miklas and others has been very helpful to us in our negotiations, and we encourage others to share with us any technical information about this or any other GPL violation.

    This isn't the first GPL violation we have dealt with; we've been actively enforcing the GPL for over ten years. Our usual practice is not to publicly announce details of ongoing violation negotiations, because we find that private negotiation yields quicker and better cooperation. By building a relationship with violators where we are helping them to come into compliance, we avoid having to fight in court, and are able to spend less resources per violation. Our number one goal in any GPL violation case is to get proper and full compliance with the license; everything
    else is secondary.

    GPL violations sometimes take time to resolve. We wish that we could force resolution quicker, but we haven't found a way to do that. We have, however, discovered a variant of Brooks's Law: adding more lawyers to a GPL violation usually makes it take longer. Lawyers are reluctant to admit to mistakes, because they fear it could be used against them. Engineers and product managers are typically interested in fixing mistakes, so we try our best to work with them first before escalating to legal teams on both sides. Such escalation has happened on this violation, so it will take additional time to resolve the matter.

    In addition, we are leading a coalition of many copyright holders in the WRT54G, as Linux is only one part of a large body of GPL'ed software in the product. We formed this coalition because, having done enforcement cases for a product with a broad range of copyright holders before, we have found that separate enforcement actions and/or law suits from individual copyright holders make attainment of compliance more difficult.

    We will continue to do everything necessary to obtain full compliance on this and any other products where violations can be confirmed. On this particular violation, we will keep the community informed when issues come up that impact the rights of everyone whose work is being distributed by Cisco or any of its subsidiaries.

    If you are a copyright holder on software in the WRT54G, or any other Cisco product, you are welcome join this coalition. Please email for details.

    Sincerely,

    David Turner, GPL Compliance Engineer, FSF
    Bradley M. Kuhn, Executive Director, FSF
    --
    I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
  10. Linksys Could Learn Something From Actiontec by Damin · · Score: 3, Informative

    Several weeks ago, I submitted an article to my Local LUG on the Actiontec Dual PC modem and the fact that it ran uClinux. It worked it's way up the chain until it got Slashdotted. Since that time, Actiontec has embraced the community and opted to take part in the process. They are not only releasing all source code, but the tool chain, recovery utilities and daughterboards to allow additional development on their platform. They have also hired a consultant to help ensure the Open Source community gets solid documentation and has someone to represent them that understands our needs. The Actionhack mailing list archives can be viewed here. What they will be releasing can be viewed here. Linksys could do well to realize that their actions are pointing the way for other more nimble competition to take advantage of their ill advised behavior.