gpl compliance in the embedded and mobile market introduction the traditional embedded [Linux] industry is selling high-quality products for markets like industrial automatization is typically composed by SME with very high skill level typically has relatively low quantities and thus high price typically has a relatively good reputation of GPL compliance thus not really a big problem maker the mass-market embedded industry has very long supply chains very few entities in that chain understand the product often unclear who truly originates a GPL violation elements distributed over many jurisdictions how does that industry work chipset maker develops a chipset for a given application chipset maker develops Board Support Package (BSP) some board-level maker produces a reference board reference board + BSP are used by all other companies to build their products some big OEM customers buy the products not knowing or not asking what is in the product the OEM sells its products through regular consumer electronics distributors how does that industry work, further complications the BSP might not be provided by the chipset maker itself they might have partnered with some other entity whom they might [erroneously?] think has better Linux skills it might be an alternative 3rd party BSP or it might be an improvement over the original BSP the OEM might deliver its products to a telco or ISP who [sometimes exclusively] distributes the product bundled with its DSL / cable data services the OEM might need to partner with some other company in order to get such an ISP/telco deal any entity in the supply chain will push their own requirements down the chain the board maker might not be able to have the skill, so they hire some 3rd party developers to hack the BSP to fulfill those requirements some other important facts about that industry even those companies which you perceive as key players are nothing more than brands most well-known names like D-Link, Linksys, Netgear, Belkin, ... don't do their own R&D they purchase/source on a per-device basis, i.e. every device might come from a different supplier, each with its own [software] architecture business relationships are very ad-hoc e.g. at the time the consumer buys the product, the board maker might no longer do business with the BSP provider thus, limited economic pressure can be excerted onto them many of the companies in that industry apparently don't even have basic engineering policies like use of a revision control system, so they might e.g. have lost the source code at the time somebody requests it as part of GPL compliance specific problems we're seeing an incredible amount of technical incompetence almost nobody in the supply chain understands the product and its software architecture / components this leads to incomplete source code releases that don't have "complete corresponding source code" (GPLv2) scripts to control compilation and installation thus are impossible to actually compile into object code contain GPL violations in itself (derivative works with proprietary components)