Slashdot Mirror
Embedded Device Manufacturers Ignoring GPL
swillden writes "Iain Barker and some other Linux Kernel Mailing List readers have discovered that several manufacturers of DVD players based on the Sigma Designs EM8500 chipset are distributing Linux, both in the devices and as binary-only firmware upgrades, but not providing source. Apparently, Sigma Designs provides its customers with a copy of the kernel as part of a chipset SDK, and those customers are making and selling devices without complying with the terms of the GPL. It's not clear if this is because Sigma didn't tell its customers about the GPL and their obligations, or if they're all ignoring it on their own. Maybe they've all bought licenses from SCO and therefore don't have to comply with the GPL? The LKML post contains a list of some of the infringers."
If I have to pay an extra USD$25 in shipping when I replace my DVD player because it comes with the kernel source printed out, I'm going to be seriously pissed.
Great now we can get some DVD code and keys, hopefully if they have integrated it enough, sweet. Kiss my ass MPAA, not so hot now are we?
This comment does not represent the views or opinions of the user.
I am suprized that SCO has not offered an embedded licence - should be worth at least 2 points for SCOX
*Takes bait*
It doesn't matter if you don't modify the kernel; if you distribute it, you must provide source.
Bruce
Bruce Perens.
>DVD don't have processors as such
3 0521.htm:
Exactly. Instead, the logic for the DVD menus and the MPEG decoding are handled by cheerful little hedgehogs that live inside the DVD player.
From http://www.sigmadesigns.com/news/press_releases/0
"The EM8500 is designed around the system-on-chip concept with an internal 150 Mhz RISC CPU"
In this context, of course, RISC stands for "Rodents in Spiny Coats."
Lots of people ask for tons of money for a privilege we let people have without charge. The least they can do is comply with the terms of the license.Bruce
Bruce Perens.
Considering that they mostly got away with stealing the xvid group's work with thier x-card, Sigma's got a history of ignoring licensing requirements on Free software. I wouldn't be surprised to learn that they had been telling their customers that it was all their own proprietary code, no linux about it.
When information is power, privacy is freedom.
It really pisses me off how overzealous you Linux people are. The GPL is there to protect freedom, not make it so companies are unable to use it to do business. Calm down for a bit and see what's going on before you react liek this next time.
Actually, from what I understand, the BSD license is more appropriate for businesses who do not wish to disclose their modifications.
Join the TWIT army now!
No reason to wait... This kind of thing has happened many times before. You send 'em a "comply or desist" letter, which should weed out all those infringing due to ignorance. So far, all GPL infringment cases have been settled out of court, which is why everybody's saying it's "untested in court". In reality, no lawyer in their right mind would actually try to fight the GPL. It's not like this issue's never come up before.
-3Suns
~~~~
The Revolution will be Slashdotted
I would have thought somebody of your stature wouldn't have made such a simple mistake. The GPL doesn't state that distributors have to supply source with all products, only that it is supplied on request. Thus the company does nothing wrong until it refuses to release the source upon a request.
Hey Bruce, do you know if anyone is doing anything about these violators?
Off the top of my head they've modified GRUB, VideoLan, and KHTML and aren't distributing the source code or including a written offer for the source code in the distribution.
Dinivin
Cisco got trapped this way, too. And they can turn around and sue those far-east folks, if it's worth their time.
I am an expert witness in one such case.
Bruce
Bruce Perens.
You have to distribute source whether or not it's a derivative work.
Not exactly true. You do not have to DISTRIBUTE the source, you can make the source available on request and that is good enough.
See paragraph 2 of the GPL Preamble (...or can get it if you want it.) as well as Item 3, Sub-Item B of the main body:
"b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,"
In short, you DON'T have to distribute the source WITH the product. Making it available via a download would satisfy.
-Charles
Learning HOW to think is more important than learning WHAT to think.
Bruce
Bruce Perens.
[snip from GPL]
/. opinion is on this.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
[end snip]
So does this then mean that if I install Linux on my computer, and then sell or give my computer away I must provide extensive notification of the Linux installation? Including documentation at each place I may have edited the code, and some form of the Linux kernel source in cases were I do not have the kernel source installed?
I can see how distributing firmware upgrades constitutes distributing software, and is thus firmly within the preview of the GPL. However, I'm having a harder time understanding how imbedded hardware applications constitutes a software distribution. If the hardware running the GPLd software can not under normal operation be accessed by an end user does it still constitute software distribution? The manufacturer does seem to be getting some benefit from the use of the GPLd software. However, if I use an online service that uses a modified Linux on internal hardware are they required also to provide me with their source? Where is the line? That the hardware is physically in my possession? What if I rent or lease equipment? This seems like a very slippery slope for the proliferation of GPLd software.
I'm not proposing an opinion I'm just curious what the
I didn't write the RPL(it was written by Scott Shattuck at Technical Pursuit--but I helped with some of the legal research and also helped walk the license through the OSI approval process.
The fact that they're distributing it just as a binary is not in itself a GPL violation. The GPL doesn't require that you actually include the source code, but rather that you make the source code accessible without much hassle. So who knows, maybe if you called one of these companies asking for the source code they would send you a file or a CD or something with the source code on it! In that case they would be totally in-line with the GPL.
However, I would bet that that's not really the case and they don't make the source code available as easily as that. In that case there probably should be some complaining about it as they would be in violation of the GPL. Even if that were the case though, I doubt they would be opposed to changing their practices to make that code available, especially since (from what people have been saying) they don't seem to have modified the code very much.
exactly.
the more maddening part is that Sigma is so violently anti-open source that they flat our refuse to release code to use their em8500 chipset. we had to reverse engineer the em8300 and 8400 chipset but so fgar we have discovered that they intentionally changed things to be radically different from the 8400 to thwart open source driver efforts. and all communication with the company about information has resulted in hostility towards a open linux driver.
Yes they have a binary driver available. it is completely a useless piece of junk.
Sigma designs is a hostile company. their attitude towards open source and linux in general is appaling enough, this is another stab in the back of every OSS developer.
I think his terminology was incorrect. I think what he was saying is that it's a stock linux kernel with non-GPL'd kernel drivers.
Yes, that's exactly what I had in mind - thanks. Take a stock kernel, write your own drivers specific to your widget, and release a binary.
In this case the kernel would be GPL, but stock. You can get it anywhere. Your drivers would be non-GPL. They're your own business. Aren't they?
I'm asking because I work in the embedded field, and recently talked my engineering team into Linux for our next target. And this is the development path we intend to follow. We aren't modifying anything, we're using stock kernels and adding our drivers in.
I hope Bruce keeps reading this thread. I'm not trolling - honest! I'd really like to not wind up on "the list".
Weaselmancer
Weaselmancer
rediculous.
why can't you just ignore the GPL?
As a user... you can ignore the GPL. You can use the software as you see fit.
As a distributer of GPL'ed software - you have to get permission from the copyright holder to copy the software, or, if you'd like, follow the terms of the GPL.
With an EULA, you have to get permission from the copyright holder to copy the software. (Fat chance). Or.... nothing. EULA's don't give you permission to copy software at all.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Bruce
Bruce Perens.
Is in compliance, or at least appear to be.
Bruce
Bruce Perens.
Bruce
Bruce Perens.
The GPL doesn't state that distributors have to supply source with all products, only that it is supplied on request.
To comply fully with the GPL you have to offer the source code. The GPL is quite explicit about this: when you distribute a binary, you have to tell people how they can get the source code and the offer has to accompany the binary distribution.
The real "Libtards" are the Libertarians!
They have done so. It's $32 per device. RD
3(b) of the GPL says the written offer must apply to any third party, not just the person who got the binary.
Bruce
Bruce Perens.
Well if anyone said you can ignore a EULA, they lied. A EULA may not be legally binding in general (a hidden provision signing off your first-born child would just be so many useless words) because you hven't actually signed anything. But it does affect your use of the software. Agreeing to a EULA can legally limit the things you can do with the software and your legal recourse against the distributor.
EULAs are, however "unenforceable" in that it would be impossible/impractical for a software distributor to catch you violating the EULA, or gain enough evidence to prosecute you for it. It's like laws prohibiting oral sex in your home... It might be illegal, but for anyone (including the police) to catch you doing it, it would require them to break the law in the process of obtaining evidence. This is what most people mean by "unenforcable" (dunno about the legal definition if any... IANAL).
The GPL is significantly more enforcable, since it deals with the distribution of software, which must be done in public. These embedded devices contain GPLed software, that much anyone can verify, but the companies are not distributing the code. All the evidence needed to make a case is publicly available.
-3Suns
~~~~
The Revolution will be Slashdotted
If someone works with Linux he has to know about the GPL, simple as that. A former employer of mine worked with the EM8400 and I wrote an application that used it. And we knew about the GPL and planned to release the sources when the product was to be released.
Unfortunately our company went insolvent so it's quite easy to say that we would have released the offending sources ;-) But the point is we worked with Linux and thus knew we had to deal with the GPL. I think anyone who professionally works with Linux has to know the GPL.
But many companies seem to ignore the GPL and just hope they won't get caught. It can be very hard to convince your managers that you are forced to republish any modified GPL'ed programs. In my experience the engineers/programmers know the GPL very well and tell their managers about it but those just don't want to hear. They are not comfortable with giving anything out to the public, even when it's about non-critical stuff or like in this case work of others with a license that forces you to release that particular code. They seem to ignore the fact that only the stuff that your employees wrote is the only thing you really have a right to and that you don't need to release that.
On the other hand Sigma could be telling their customers more about the GPL and what their customers have to publish and what they can keep. But I don't think it's Sigma's fault when their customers don't comply with the GPL.
Bruce
Bruce Perens.
linux zealots at their best, foaming at the mouth whenever someone doesn't follow their every command.
You're trolling, but this raises some worthwhile points, so I'll respond anyway.
In the first place, this is no different whatsoever from the behavior of any copyright holder -- just try distributing DVD players running Windows CE without a license, and see if Microsoft doesn't get peeved.
In the second place, no one has to follow the commands of the "Linux zealots". Anyone can opt out of the GPL by simply not distributing GPL'd code. Don't distribute, and you won't be subject to the terms of the license.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
While I am sure that there are numerous manufacturers out there that are blatantly violating the GPL in their use and distribution of Linux, that may not be the case with these manufacturers.
The GPL states that those that distribute GPLed software must provide the source to the recipients of the distributions upon request. That does NOT mean that they have to make the source available on their website. It means that people you receive the ditribution, in the form of the DVD player, must receive the source upon request. No one else is entitled to the source, only those that have received the distribution. It is even legal for them to refuse requests for the source from those who have not been distributed to, as in people who do not own the DVD players. This strict interpretation breaks down when these manufacturers make the software freely downloadable from their website in the form of firmware upgrades but, even in this case, the GPL does not require the distributor to make the source available on the website. They can still require formal requests before providiing the source.
Now, what the LKML does not say is, if the people concerned have made a formal request or not. It states that they examined the web site but there is no requirement for the DVD manucaturer to post the source on their website.
Like I said in the begining, they may be in violation of the GPL but there is insufficient evidence in the LKML posting to prove that. Remember that it is only a courtesy when distibutors make the sources available to all on their website. The GPL does not require them to do so at any time.
Has anyone been able to get the source from Watchguard? I've never been able to find sources from them. As for the written offer, I've never seen that either unless it is hidden away on their included CD-ROM.
why can't you just ignore the GPL?
You can. The GPL even says so. Section 5 says:
However, if you don't accept the GPL, then ordinary copyright law applies, and copyright law says that you're not allowed to make copies of a copyrighted work without permission of the copyright holder. So, you can use GPL code without accepting the GPL, but you have no right to distribute it.
Section 5 goes on:
If you want to make and distribute copies, you have to get permission. The GPL will grant you that permission, but only with some caveats. Or you can contact the copyright holder(s) and negotiate some other agreement that gives you permission. If you don't want to do either of those, then you can't distribute the code without opening yourself up to lawsuits.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
How is it anti-business? If you want to distribute GPL code and don't like the license terms, you're free to negotiate others or to write your own code. This is exactly the same situation as with proprietary code, except that the GPL gives you an easy way out if you are willing to accept the restrictions that come with it.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
If SCO is selling embedded licenses for $29 per device and the DVD manufacturers are RETAILING them for $29 at Wally World then they must be giving them away for free.
When you consider all the middle men and middle-middle men that handle the unit from assembly line in China to the isle pallet at wally world, each handler marking up the unit 100%, or at the very least, 50%, (and figure in shipping costs too!) the cost to produce a DVD player is most likely in the less than $1 per unit range. And if they paid the SCO scam of $29 per unit, they would be losing a LOT of money real fast.
It's in their best profit-interest to ignore the GPL and do what ever the hell they want. If they get sued they can fold shop, change name/address and be back to cranking out new players the next day.
Welcome to the wonderful game of "global greed"
As far as a contract goes, I'm still convinced that it's null and void because there's no consideration involved.
And you'd be wrong. Time to go back to law school. See Contracts - Cases and Comment sizth edition, by Dawson et al. page 370.
"Consideration confers a benefit on the promisor or causes a detriment to the promisee...." In this case, the promisee is the redistributor of the GPL'd work, who is required to perfrom an act that he has no legal duty to perform - provide access to the source code along with the binary. There is consideration, therefore the GPL stands as a valid contract on that point.
Redhat, IBM, AT&T, Stelias Computing Inc., Turbolinux Inc., Los Alamos National Laboratory, Carnegie-Mellon University, Tacit Networks Inc, Mountain View Data Inc., Cluster File Systems Inc., Axis Communications AB, Transmeta Corporation, Caldera Deutschland GmbH (now SCO), Procom Technology Inc., Conectiva Inc. Qualcomm Inc., Montavista Software Inc., Madge Networks Ltd., Fore Systems Inc., ATecoM GmbH, Sun Microsystems, Telford Tools Inc., Free Software Foundation, ITConsult-Pro Co., Farsite Communications Ltd., Sangoma Technologies Inc., Intel Corporation, SysKonnect, United States Government, Fujitsu Laboratories Ltd., Digital Equipment Corporation (now HP), Silicon Graphics Inc. (now SGI), Silicon Integrated Systems Corporation, PJD Weichmann & SWS Bern, Digi International, D-Link Corporation, DAVICOM Semiconductor Inc., MIPS Technologies Inc., Lucent Technologies Inc., RedCreek Communications Inc.Texas Instruments, University of California, Inside Out Networks Inc., Innosys Inc., Keyspan, Precision Insigth Inc., Va Linux Systems Inc, Broadcom, Hewlett Packard, ARM Ltd., The Victoria University of Manchester, SpellCaster Telecommunications Inc., Eicon Technology Corporation, Cytronics & Melware, QLogic, Perceptive Solutions, Mylex Corporation, LSI Logic Corporation, Compaq Computer Corporation (now HP), Tekram Technology, Seagate, Adaptec Inc., Creative Labs Inc.... Ok, I'm bored now, so that's all I can be bothered entering. Try a "grep -r -i copyright ." in your /usr/src/linux, and probably '(c)' as well.
Does that look like college kids to you?
Now, a lot of these companies are small, but quite a few of them are Fortune 500 companies too. There's your weight.
A lot of the above companies own copyrights on specific drivers only, so they may or may not apply in specific configurations, but many key contributors, such as IBM, SGI, Redhat, HP, Novell (SuSE) have their stuff all over the place in the kernel, and have money to go after you when it's their interest to protect their IP.
by Bruce Perens (3872) .Bruce Perens (150539)
by
So will the real Bruce Perens please stand up and his karma whoring alterego please step aside? Unless you're _both_ the real Bruce Perens, in which case I excuse myself, oh schizophrenic one!
Ceci n'est pas une signature
Bruce
Bruce Perens.
Nvidia only gets away with this because they don't ship the Linux kernel. The end user combines nvidia's drivers with the kernel, creating an "incompatible" combination that can be used by the end user but may not be further redistributed.
Most embedded device manufacturers are going to be distributing the kernel with their modules. Since the modules link to the kernel as shipped, the modules must be GPL'd.
OpenAdStream (http://www.realmedia.com/) serves a lot of banners you see on the web sites.
The core of the product is mod_oas.so, an Apache module.
It embeds GDBM and GNU Rx that are both published under the GPL licence. It doesn't dynamically links with these libraries, it really embeds a specific version of them (the server works without the libraries installed on the system). If you are an OpenAdStream customer, just run "strings" on the module to discover the name of the source code of GDBM and an RCS ID of GNU Rx.
However the module is commercial, closed-source software. The GPL licence is available nowhere in the product. Even GNU Rx and GDBM author's names are missing.
I sent them multiple emails about this, none ever were answered.
{{.sig}}
At first, I was in complete agreement with the idea being expressed here. It falls in line with the popular misconception that "free software" is all about "no cost". From there it isn't too far of a leap to suggest that if source code is included, Open Source code might be mistaken for something in the public domain.
But then - we're talking about professionals in the software industry. Getting software at no cost and not being aware of its licensing is a neophyte's mistake. After all, Open Source software is hardly the first time software has been available without an up-front fee.
Look at the whole range of software commonly referred to as "freeware". Some lump Open Source software under this label. However, freeware also includes quite a range of software licensed under proprietary licenses. Some proprietary licenses limit use - often delimited by commercial or non-commercial use. Sometimes these licenses don't even allow redistribution of the binaries that are freely available from the author's site.
It is very common practice within the Industry for software to be restricted in ways other than cost. And even when a fee is paid, the software in question still involves licensing restrictions. Developers know that this includes software with source code.
In the end, I agree that the GPL and many other Open Source licenses will seem odd to Industry developers. However, shrugging off these restrictions as "non-intutive" is naive. Anybody who has spent any time in the Industry knows that "free" means very little when it comes to licensing. And they should have the basic instinct to investigate and understand the license involved in any software they acquire and use.
Cisco didn't challenge it after acquiring Linksys, who use Linux in their routers and switches. After speaking with FSF legal counsel, Cisco put up all of the source.
The company I work for has fairly deep contacts at Cisco. Believe me, they weren't concerned about bad PR. It was a legally wise decision.
The FSF has challenged many, many incidents of GPL violation. Every company challenged has chosen to settle out of court.
I suspect you don't work with GPL'd code, have never dealt with companies that do, and have actually never been involved in systems development at all.
Whoa, I wasn't aware of that.
What if, say, a consultant uses GPL code as the basis for code developed for a customer. He gives the customer the executable and said offer for source code.
Now if I, as a third party, simply know of the existence of that deal, having nothing else to do with it, I can go ask for the source code?
Is there a way for the customer to keep the derived code for himself, if he does not wish to distribute it? (I understand that if he does distribute it, it must be under the terms of the GPL.)
been here before
And one story with a post where someone who clearly spends a lot of time reading stuff on Slashdot whines about how bad it is.
What is this, some kind of public self-flagellation ritual or something?
I purchased this DVD player late last summer and discovered the Linux kernel present on the upgrade BIOS disc.
This is the response I got from them:
----
From: DCTW_Service@liteonit.com
Subject: Re: Request for GPL Code
Dear Sir,
Sorry at the present, we don't provide the source code.
Thanks for your understanding.
Best Regards!
----
Of course, my understanding isn't important. The copyright owner's understanding is what matters.
I decided to e-mail the folks at the FSF for a follow up. I assumed that was the place to go, though I admit even today, that I'm not exactly sure sometimes.
Here was the response from them:
----
From: license-violation@fsf.org Subject: [gnu.org #114549] Linux GPL Code Violation - LiteOn Phomaster LVD-2001
For some reason, your mail never reached my inbox (indeed, the web interface to our RequestTracker seems to be having a bit of a hard time with it too). So, sorry for the late response.
We've already seen a few violations which look to be the same product as this under different packaging. We will add LiteOn to the list of people to write to about this. Thanks for the report.
--
-Dave "Novalis" Turner
GPL Compliance Engineer
Free Software Foundation
----
The whole process was really quite daunting from my perspective. It is my understanding that the Linux Kernel is not a GNU product (though much of the software in a typical linux distrubtion is). Being a linux/GPL/FSF/GNU newbie, it took me quite a bit of time to hunt down a place to submit my complaint. Does anybody know of a database of copyright owners who use the GPL, and more importantly a convenient location for notifying said individuals when a breach is found or suspected? Even the FSF site didn't have a spot that was blaringly obvious to someone who had never visited the site before for reporting GPL violations of their software.
I will say, its nice to see some attention being payed to this with regard to my DVD player. Not to advertise for the theifs, but its a great player...the new BIOS even allows one to play ogg encoded files written to a DVD or CF card. I'm interested, obviously, in getting my hands on the code and potentially flashing the BIOS with my own handy-work...maybe see if I can get the thing to take a hard drive or wireless network adapter in its PC card slot.
"God is dead!" - Nietzsche
"Nietzsche is dead!" - God
The GPL is anti-business because it seeks to undermine traditional business models (by reducing the cost of software to $0) while thwarting alternative business cases
Sure, the GPL is antithetical to traditional software businesses, but GPL software is also tremendously useful to lots of other businesses. Lots *more* businesses, in fact.
Sure there are plenty of /. pontificators who sit around on their couch proposing alternative business models, but 90% of those wouldn't pass the laugh test at a corporate board meeting.
Here's one, see if it passes the "laugh test": A company is in the business of producing computer-animated films. It can buy high-end hardware that runs expensive software which may not always do exactly what it needs, or it can grab GPL'd software, modify it as needed and run it on commodity hardware.
Now, which type of software better serves this business?
Or, how about this one: A company is in the business of selling powerful computers, high-end proprietary software products and professional services to integrate the software and hardware and make it meet business needs. This company can develop its own proprietary operating system(s), incurring huge costs that really only serve to support the hardware and services businesses, or the company can grab GPL'd software, port it to the company's hardware, port the software to it and train the company's services professional on it. The services professionals can then score additional points with their clients by pointing out that the clients are not locked into said company.
I'm sure you recognize this company.
The GPL is about making software available to users and keeping the software from being locked up and controlled. Many users, in business and not, appreciate this.
You can try to argue that this destroys software companies which will ultimately destroy software development, etc., etc., but that's crap. As long as there are people willing to give their work away for free, there's no market for competition to that work. In markets where the free stuff doesn't exist there are opportunities to sell proprietary software.
At the end of the day, this may very well slow the development of commercial software because it increases the risk that the investment will not show a return. I'm convinced that this slowdown will be more than offset by the fact that so much code is available for experimentation and enhancement by anyone, not just by the developers at one company.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
If the customer wish to keep the modified version for himself, wouldn't it be possible for him to contract the modification out as a work for hire (or whatever the copyright term is), so that he and not the consultant owns added material as far as copyright is concerned? Then no distribution has taken place, and the GPL is not in play (as far as the modified version is concerned, the original was of cause still obtained and modified under the permission of the GPL).
- is available here, http://www.duke.edu/~java32/bravo/bravohacking.htm l.
What you want them to do is to allow them to use their software as if it were BSD licensed. What the companies are doing is stealing software, and then selling it to other people. They have every right, and futhermore a duty, to make noise about this. The "price" of GPLed software is to release the source, and you need to "pay" to use software they didn't write for commercial products. Sorry.
Oh well. I guess respecting the author's rights is unimportant next to making sure they use "anything but Windows," eh?
I don't think I'm too worried about scaring thieves off.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
If anyone does not like the GPL license that goes with Linux, then there is BSD as alternative open source OS. By using BSD instead of Linux, there is no requirement to release the modified source. If you insist on using Linux then you should respect the terms of the contract. If your supplier uses Linux and you modify the code then you should either respect the GPL, ask your supplier to use a different OS, uses a different OS yourself or seek an alternative supplier, who does not use Linux in their product.
There are choices, and it is up to the business to make the best one for their needs and limitations.
Jumpstart the tartan drive.