From fca59bea770346cf1c1f9b0e00cb48a61b44a8f3 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 25 Oct 2015 21:00:20 +0100 Subject: import of old now defunct presentation slides svn repo --- 2009/gpl-embedded_market/embedded.txt | 62 +++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 2009/gpl-embedded_market/embedded.txt (limited to '2009/gpl-embedded_market/embedded.txt') diff --git a/2009/gpl-embedded_market/embedded.txt b/2009/gpl-embedded_market/embedded.txt new file mode 100644 index 0000000..7df4503 --- /dev/null +++ b/2009/gpl-embedded_market/embedded.txt @@ -0,0 +1,62 @@ + +gpl compliance in the embedded and mobile market + +introduction + +the traditional embedded [Linux] industry + is selling high-quality products for markets like industrial automatization + is typically composed by SME with very high skill level + typically has relatively low quantities and thus high price + typically has a relatively good reputation of GPL compliance + thus not really a big problem maker + + +the mass-market embedded industry + has very long supply chains + very few entities in that chain understand the product + often unclear who truly originates a GPL violation + elements distributed over many jurisdictions + + +how does that industry work + chipset maker develops a chipset for a given application + chipset maker develops Board Support Package (BSP) + some board-level maker produces a reference board + reference board + BSP are used by all other companies to build their products + some big OEM customers buy the products + not knowing or not asking what is in the product + the OEM sells its products through regular consumer electronics distributors + + +how does that industry work, further complications + the BSP might not be provided by the chipset maker itself + they might have partnered with some other entity whom they might [erroneously?] think has better Linux skills + it might be an alternative 3rd party BSP + or it might be an improvement over the original BSP + the OEM might deliver its products to a telco or ISP who [sometimes exclusively] distributes the product bundled with its DSL / cable data services + the OEM might need to partner with some other company in order to get such an ISP/telco deal + any entity in the supply chain will push their own requirements down the chain + the board maker might not be able to have the skill, so they hire some 3rd party developers to hack the BSP to fulfill those requirements + + +some other important facts about that industry + even those companies which you perceive as key players are nothing more than brands + most well-known names like D-Link, Linksys, Netgear, Belkin, ... don't do their own R&D + they purchase/source on a per-device basis, i.e. every device might come from a different supplier, each with its own [software] architecture + business relationships are very ad-hoc + e.g. at the time the consumer buys the product, the board maker might no longer do business with the BSP provider + thus, limited economic pressure can be excerted onto them + many of the companies in that industry apparently don't even have basic engineering policies like use of a revision control system, so they might e.g. have lost the source code at the time somebody requests it as part of GPL compliance + + +specific problems we're seeing + an incredible amount of technical incompetence + almost nobody in the supply chain understands the product and its software architecture / components + this leads to incomplete source code releases that + don't have "complete corresponding source code" (GPLv2) + scripts to control compilation and installation + thus are impossible to actually compile into object code + contain GPL violations in itself (derivative works with proprietary components) + + + -- cgit v1.2.3