Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec May Violate Linux GPL in Norton Core Router (zdnet.com)

Posted by msmash on from the closer-look dept.

An anonymous reader writes: For years, embedded device manufacturers have been illegally using Linux. Typically, they use Linux without publishing their device's source code, which Linux's GNU General Public License version 2 (GPLv2) requires them to do. Well, guess what? Another vendor, this time Symantec, appears to be the guilty party. This was revealed when Google engineer and Linux security expert Matthew Garrett was diving into his new Norton Core Router. This is a high-end Wi-Fi router. Symantec claims it's regularly updated with the latest security mechanisms. Garrett popped his box open to take a deeper look into Symantec's magic security sauce.

What he found appears to be a Linux distribution based on the QCA Software Development Kit (QSDK) project. This is a GPLv2-licensed, open-source platform built around the Linux-based OpenWrt Wi-Fi router operating system. For Symantec's purposes, QSDK and OpenWrt are an excellent choice. Instead of a read-only firmware, OpenWrt has a fully writable filesystem with package management. This enables Symantec to easily customize its router with updated security features. But -- and it's a big but -- if it's indeed based on QSDK and OpenWrt, Symantec needs to share the Norton Core Router's code with the world.

6 of 144 comments (clear)

  1. Minor correction by Anonymous Coward · · Score: 1, Informative

    For years, embedded device manufacturers have been illegally using Linux.

    Ahem. They have been illegally copying Linux. You're allowed to use Linux without any terms. Copying is the activity that Congress passed laws to restrict.

    It's a minor detail, as long as everyone reading your words understands what you really meant. But imagine the various conclusions that a Trump-level intellect might make, and the misinformation they would spread. That's why you should really say what you mean, rather than having faith in readers.

    1. Re:Minor correction by Bruce+Perens · · Score: 5, Informative

      Sorry, Martin, it really is unlicensed copying that is the violation. The way it works is when you violate the license, the copyright holder (plaintiff) goes to court and says "the defendant is infringing my copyright by making unlicensed copies". The defendant answers with their defense: "I am not violating copyright because I have a license". The plaintiff then shows all of the ways that the defendant is not honoring the license terms, and thus demonstrates that the act of copying was unlicensed and that for the defendant, all rights were reserved and are thus being infringed. The tort is making unlicensed copies.

      --
      Bruce Perens.
  2. Re:This could have been avoided by Anonymous Coward · · Score: 3, Informative

    I came to the comments to say just this. The BSDs are the way to go if you're going to make closed commercial software. We don't mind, and we welcome any donations or patches as a way of saying thanks!~

  3. Not... really by DeathToBill · · Score: 4, Informative

    If Symantec are distributing Linux, then they need to make the source code for Linux available to their customers. If their system is based on OpenWRT, then they need to make the source code for OpenWRT available. Saying "Symantec needs to share the Norton Core Router's code with the world" is essentially saying that every piece of software written for Linux has to be open source - and it just ain't so. The GPL may be viral, but it's not that viral.

    --
    Slashdot - News for Nerds, Stuff that Matters, in ISO-8859-1 Has just realised that beta makes this signature redundant
  4. Re:not share with "the world" just "customers" by Anonymous Coward · · Score: 3, Informative

    I've no idea if this opinion is common or if it's the same AC who appears to peddle it every time but it's wrong. GPL V2 gives 3 options to distributing binaries, one of which must be met.

    1. 1. Accompany the binaries with the complete source code.
    2. 2. Accompany the binaries with a written offer, valid for 3 years, to give any third party the complete source for no more than your cost.
    3. 3. Pass on a written offer you received under the second option but ONLY for noncommercial distribution where you received such an offer.

    So unless you provide the source with the binaries the only way you can commercially distribute is if you will give anyone the source for no more than cost.

  5. Re:No they are not. by johnw · · Score: 3, Informative

    A simple statement that the source is freely available elsewhere is sufficient to fulfill this requirement.

    Again - not true. This option is available only in the case of non-commercial distribution. If you want a copy of Linux and I fling you one of my old CDs then I don't need to make you an offer of the source as well.

    If OTOH, I sell CDs of Linux as a business, I do need to make provision for you to be able to ask for the source as well.

    c) Accompany it with the information you received as to the offer
            to distribute corresponding source code. (This alternative is
            allowed only for noncommercial distribution and only if you
            received the program in object code or executable form with such
            an offer, in accord with Subsection b above.)

    The text of the GPLv2 is freely available and very comprehensible - why don't people read it?