Linksys Still In Violation of the GPL?

A reader writes:"From a recent post to LKML: "...Clearly, the kernel source that Linksys provided cannot be used to recreate the kernel that they are shipping with their product. Therefore, they have been, and still remain in violation of the GPL." Several heavy hitters have signed this one, including Jeremy Allison and Alan Cox." There's also commentary from David Turner and Bradley Kuhn of the FSF.

Re:Why should they?

[BorgDrone]

If you use GPL, you are supposed to reveal ALL the code you have even if it parts of it was designed completely independently?

You have to release all sourcecode that is part of a derived work of the GPL software.

Since a modified kernel is a derived work of the original GPL-ed kernel they have to release the source to their modified kernel.

"Linksco"?

[Lodragandraoidh]

The merging of Linksys and Cisco was seen by some to be a good thing.

However it appears that culture of 'security through obscurity', as seen in Cisco router firmware apps has found its way into the Linksys product line, to the detriment of the GPL contract.

What Cisco is doing is wrong - plain and simple. If Cisco chooses to use copyrighted material under the GPL, they need to live up to their responsibilities under that license. I urge Cisco/Linksys to fix the problem before things get out of hand. You can't participate in the free/opensource software community half way.

Re:oops.

[Jonah+Hex]

I believe your thinking of this Slashback story with a response from the Linksys PR rep.

Calm down that jerking knee, then apply ice. In response a post which raised the question of whether Linksys was in violation of the GPL by not distributing, nor offering links to, the source code for the software controlling their 802.11g base stations. A representative from Linksys-PR sent in this note about the "missing" source code:

Linksys is a strong proponent of both Linux and the Open Source movement. The code within our routers is using User Space code without linking dynamically or statically to any GPL (GNU GENERAL PUBLIC LICENSE) code. Any code which does not have a static or dynamic link to anything covered by the General Public License is not GPL'ed, and can be considered closed source.

We regret it took some time to respond to this posting. To assure timely responses to inquiries like this in the future, please use the following procedure which complies with the requirements of the General Public License:

1. Please put your request in writing or in an email addressed to info@Linksys.com
2. You have to request the code for the specific modules you want. It is not valid to issue a request for any "code you may be using."
3. Technically, you are also supposed to provide us with a self-addressed stamped envelope, along with funds to cover the cost of providing the code to you. But Linksys will handle requests on a case-by-case basis. Thank you."

However there's been a couple of additional stories since then about new Linksys GPL releases.

Linksys Releases GPLed Code for WRT54G They released their code mods on their website.
Linksys and the GPL, Again Missing code mods from the Linksys webpage.

Obviously this is something that's going to take awhile to work out, not only with Linksys but other companies that are enjoying the riches of open source code.

Jonah Hex

Re:Something I've always wondered

[michael_cain]

I know of no way other than being able to compile and run the resulting binary to verify that the source code provided is indeed the correct, working source code. Your point about the custom compiler may be valid -- that is, I'll give you my source code changes, but they are specific to a particular compiler you do not have. Given full source code, you can presumably port it to whatever compiler you do have. However, there would certainly be lines across which said custom compiler could not step (IMO) and have the whole thing remain GPL-compliant.

For example, one of the Bell Labs' UNIX gods (I forget which) demonstrated how a C compiler could (a) insert backdoor binary code into applications it was compiling and (b) recognize when it was compiling itself and insert the backdoor-inserting code. Thus none of the source files, for either the compiler or the application, showed that there was a backdoor. They were making the point that the system is not secure if you're initially dependent on some chunk of binary code (or at least you have to analyze that binary, which is much more difficult).

In this GPL example, if the custom compiler inserted binary code needed to build a working program, and no other compiler working strictly from the source could produce a working program, there's pretty clearly a violation.

Re:oops.

[ninewands]

As Linksys PR said:

Linksys is a strong proponent of both Linux and the Open Source movement. The code within our routers is using User Space code without linking dynamically or statically to any GPL (GNU GENERAL PUBLIC LICENSE) code. Any code which does not have a static or dynamic link to anything covered by the General Public License is not GPL'ed, and can be considered closed source.

I beg to differ with their position wrt the correctness of their analysis on how to go about withholding some of their code as 'closed source.'

As an example of the RIGHT way to do this (whether you agree with the politics of it or not), I would submit that Nvidia withholds the source to their binary-only video drivers, but makes the glue code that adapts it to a specific kernel freely available. In addition, NOT having the source to the Nvidia drivers in no way impedes my ability to compile a kernel.

The fact that it is not possible to configure, much less compile, the kernel tree available from Linksys's GPL software page indicates that they have withheld code which SHOULD be released under the GPL because of how tightly it is interwoven into the kernel code.

Just my US$0.02

FSF Response: Cool Down

[Royster]

Found on the LKML list.

Subject: Linksys/Cisco GPL Violations
From: David Turner (novalis@fsf.org)
Date: Mon Sep 29 2003 - 10:22:47 AKDT

To Linux Developers Concerned about the Linksys/Cisco GPL Violations:

We are in ongoing negotiating with Linksys/Cisco about this issue. Information from Andrew Miklas and others has been very helpful to us in our negotiations, and we encourage others to share with us any technical information about this or any other GPL violation.

This isn't the first GPL violation we have dealt with; we've been actively enforcing the GPL for over ten years. Our usual practice is not to publicly announce details of ongoing violation negotiations, because we find that private negotiation yields quicker and better cooperation. By building a relationship with violators where we are helping them to come into compliance, we avoid having to fight in court, and are able to spend less resources per violation. Our number one goal in any GPL violation case is to get proper and full compliance with the license; everything
else is secondary.

GPL violations sometimes take time to resolve. We wish that we could force resolution quicker, but we haven't found a way to do that. We have, however, discovered a variant of Brooks's Law: adding more lawyers to a GPL violation usually makes it take longer. Lawyers are reluctant to admit to mistakes, because they fear it could be used against them. Engineers and product managers are typically interested in fixing mistakes, so we try our best to work with them first before escalating to legal teams on both sides. Such escalation has happened on this violation, so it will take additional time to resolve the matter.

In addition, we are leading a coalition of many copyright holders in the WRT54G, as Linux is only one part of a large body of GPL'ed software in the product. We formed this coalition because, having done enforcement cases for a product with a broad range of copyright holders before, we have found that separate enforcement actions and/or law suits from individual copyright holders make attainment of compliance more difficult.

We will continue to do everything necessary to obtain full compliance on this and any other products where violations can be confirmed. On this particular violation, we will keep the community informed when issues come up that impact the rights of everyone whose work is being distributed by Cisco or any of its subsidiaries.

If you are a copyright holder on software in the WRT54G, or any other Cisco product, you are welcome join this coalition. Please email for details.

Sincerely,

David Turner, GPL Compliance Engineer, FSF
Bradley M. Kuhn, Executive Director, FSF