Slashdot Mirror
Symantec May Violate Linux GPL in Norton Core Router (zdnet.com)
An anonymous reader writes: For years, embedded device manufacturers have been illegally using Linux. Typically, they use Linux without publishing their device's source code, which Linux's GNU General Public License version 2 (GPLv2) requires them to do. Well, guess what? Another vendor, this time Symantec, appears to be the guilty party. This was revealed when Google engineer and Linux security expert Matthew Garrett was diving into his new Norton Core Router. This is a high-end Wi-Fi router. Symantec claims it's regularly updated with the latest security mechanisms. Garrett popped his box open to take a deeper look into Symantec's magic security sauce.
What he found appears to be a Linux distribution based on the QCA Software Development Kit (QSDK) project. This is a GPLv2-licensed, open-source platform built around the Linux-based OpenWrt Wi-Fi router operating system. For Symantec's purposes, QSDK and OpenWrt are an excellent choice. Instead of a read-only firmware, OpenWrt has a fully writable filesystem with package management. This enables Symantec to easily customize its router with updated security features. But -- and it's a big but -- if it's indeed based on QSDK and OpenWrt, Symantec needs to share the Norton Core Router's code with the world.
What he found appears to be a Linux distribution based on the QCA Software Development Kit (QSDK) project. This is a GPLv2-licensed, open-source platform built around the Linux-based OpenWrt Wi-Fi router operating system. For Symantec's purposes, QSDK and OpenWrt are an excellent choice. Instead of a read-only firmware, OpenWrt has a fully writable filesystem with package management. This enables Symantec to easily customize its router with updated security features. But -- and it's a big but -- if it's indeed based on QSDK and OpenWrt, Symantec needs to share the Norton Core Router's code with the world.
If Symantec are distributing Linux, then they need to make the source code for Linux available to their customers. If their system is based on OpenWRT, then they need to make the source code for OpenWRT available. Saying "Symantec needs to share the Norton Core Router's code with the world" is essentially saying that every piece of software written for Linux has to be open source - and it just ain't so. The GPL may be viral, but it's not that viral.
Slashdot - News for Nerds, Stuff that Matters, in ISO-8859-1 Has just realised that beta makes this signature redundant
Sorry, Martin, it really is unlicensed copying that is the violation. The way it works is when you violate the license, the copyright holder (plaintiff) goes to court and says "the defendant is infringing my copyright by making unlicensed copies". The defendant answers with their defense: "I am not violating copyright because I have a license". The plaintiff then shows all of the ways that the defendant is not honoring the license terms, and thus demonstrates that the act of copying was unlicensed and that for the defendant, all rights were reserved and are thus being infringed. The tort is making unlicensed copies.
Bruce Perens.