Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linksys Still In Violation of the GPL?

Posted by Hemos on from the fess-up-and-correct dept.

A reader writes:"From a recent post to LKML: "...Clearly, the kernel source that Linksys provided cannot be used to recreate the kernel that they are shipping with their product. Therefore, they have been, and still remain in violation of the GPL." Several heavy hitters have signed this one, including Jeremy Allison and Alan Cox." There's also commentary from David Turner and Bradley Kuhn of the FSF.

4 of 603 comments (clear)

  1. Re:Why should they? by BorgDrone · · Score: 5, Informative

    If you use GPL, you are supposed to reveal ALL the code you have even if it parts of it was designed completely independently?

    You have to release all sourcecode that is part of a derived work of the GPL software.

    Since a modified kernel is a derived work of the original GPL-ed kernel they have to release the source to their modified kernel.

  2. "Linksco"? by Lodragandraoidh · · Score: 5, Informative

    The merging of Linksys and Cisco was seen by some to be a good thing.

    However it appears that culture of 'security through obscurity', as seen in Cisco router firmware apps has found its way into the Linksys product line, to the detriment of the GPL contract.

    What Cisco is doing is wrong - plain and simple. If Cisco chooses to use copyrighted material under the GPL, they need to live up to their responsibilities under that license. I urge Cisco/Linksys to fix the problem before things get out of hand. You can't participate in the free/opensource software community half way.

    --

    Lodragan Draoidh
    The more you explain it, the more I don't understand it. - Mark Twain
  3. Re:oops. by Jonah+Hex · · Score: 5, Informative
    I believe your thinking of this Slashback story with a response from the Linksys PR rep.
    Calm down that jerking knee, then apply ice. In response a post which raised the question of whether Linksys was in violation of the GPL by not distributing, nor offering links to, the source code for the software controlling their 802.11g base stations. A representative from Linksys-PR sent in this note about the "missing" source code:

    Linksys is a strong proponent of both Linux and the Open Source movement. The code within our routers is using User Space code without linking dynamically or statically to any GPL (GNU GENERAL PUBLIC LICENSE) code. Any code which does not have a static or dynamic link to anything covered by the General Public License is not GPL'ed, and can be considered closed source.

    We regret it took some time to respond to this posting. To assure timely responses to inquiries like this in the future, please use the following procedure which complies with the requirements of the General Public License:

    1. Please put your request in writing or in an email addressed to info@Linksys.com
    2. You have to request the code for the specific modules you want. It is not valid to issue a request for any "code you may be using."
    3. Technically, you are also supposed to provide us with a self-addressed stamped envelope, along with funds to cover the cost of providing the code to you. But Linksys will handle requests on a case-by-case basis. Thank you."

    However there's been a couple of additional stories since then about new Linksys GPL releases.

    Linksys Releases GPLed Code for WRT54G They released their code mods on their website.
    Linksys and the GPL, Again Missing code mods from the Linksys webpage.

    Obviously this is something that's going to take awhile to work out, not only with Linksys but other companies that are enjoying the riches of open source code.

    Jonah Hex
    --
    Horror & SciFi Erotic Nudes
  4. Re:Something I've always wondered by michael_cain · · Score: 5, Informative
    I know of no way other than being able to compile and run the resulting binary to verify that the source code provided is indeed the correct, working source code. Your point about the custom compiler may be valid -- that is, I'll give you my source code changes, but they are specific to a particular compiler you do not have. Given full source code, you can presumably port it to whatever compiler you do have. However, there would certainly be lines across which said custom compiler could not step (IMO) and have the whole thing remain GPL-compliant.

    For example, one of the Bell Labs' UNIX gods (I forget which) demonstrated how a C compiler could (a) insert backdoor binary code into applications it was compiling and (b) recognize when it was compiling itself and insert the backdoor-inserting code. Thus none of the source files, for either the compiler or the application, showed that there was a backdoor. They were making the point that the system is not secure if you're initially dependent on some chunk of binary code (or at least you have to analyze that binary, which is much more difficult).

    In this GPL example, if the custom compiler inserted binary code needed to build a working program, and no other compiler working strictly from the source could produce a working program, there's pretty clearly a violation.