summaryrefslogtreecommitdiff
path: root/2009/gpl-embedded_market/embedded.txt
blob: 7df450391ea01106653de2422ba4f0b618667f59 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

gpl compliance in the embedded and mobile market

introduction

the traditional embedded [Linux] industry
	is selling high-quality products for markets like industrial automatization
	is typically composed by SME with very high skill level
	typically has relatively low quantities and thus high price
	typically has a relatively good reputation of GPL compliance
	thus not really a big problem maker


the mass-market embedded industry
	has very long supply chains
	very few entities in that chain understand the product
	often unclear who truly originates a GPL violation
	elements distributed over many jurisdictions


how does that industry work
	chipset maker develops a chipset for a given application
	chipset maker develops Board Support Package (BSP)
	some board-level maker produces a reference board
	reference board + BSP are used by all other companies to build their products
	some big OEM customers buy the products
		not knowing or not asking what is in the product
	the OEM sells its products through regular consumer electronics distributors


how does that industry work, further complications
	the BSP might not be provided by the chipset maker itself
		they might have partnered with some other entity whom they might [erroneously?] think has better Linux skills
		it might be an alternative 3rd party BSP
		or it might be an improvement over the original BSP
	the OEM might deliver its products to a telco or ISP who [sometimes exclusively] distributes the product bundled with its DSL / cable data services
	the OEM might need to partner with some other company in order to get such an ISP/telco deal
	any entity in the supply chain will push their own requirements down the chain
	the board maker might not be able to have the skill, so they hire some 3rd party developers to hack the BSP to fulfill those requirements


some other important facts about that industry
	even those companies which you perceive as key players are nothing more than brands
	most well-known names like D-Link, Linksys, Netgear, Belkin, ... don't do their own R&D
	they purchase/source on a per-device basis, i.e. every device might come from a different supplier, each with its own [software] architecture
	business relationships are very ad-hoc
		e.g. at the time the consumer buys the product, the board maker might no longer do business with the BSP provider
		thus, limited economic pressure can be excerted onto them
	many of the companies in that industry apparently don't even have basic engineering policies like use of a revision control system, so they might e.g. have lost the source code at the time somebody requests it as part of GPL compliance


specific problems we're seeing
	an incredible amount of technical incompetence
		almost nobody in the supply chain understands the product and its software architecture / components
	this leads to incomplete source code releases that
		don't have "complete corresponding source code" (GPLv2)
			scripts to control compilation and installation
		thus are impossible to actually compile into object code
		contain GPL violations in itself (derivative works with proprietary components)



personal git repositories of Harald Welte. Your mileage may vary