blob: 7df450391ea01106653de2422ba4f0b618667f59 (plain)
gpl compliance in the embedded and mobile market
introduction
the traditional embedded [Linux] industry
is selling high-quality products for markets like industrial automation
is typically composed of SMEs with a very high skill level
typically has relatively low quantities and thus high price
typically has a relatively good reputation for GPL compliance
thus not really a big problem maker
the mass-market embedded industry
has very long supply chains
very few entities in that chain understand the product
often unclear who truly originates a GPL violation
elements distributed over many jurisdictions
how does that industry work
chipset maker develops a chipset for a given application
chipset maker develops Board Support Package (BSP)
some board-level maker produces a reference board
reference board + BSP are used by all other companies to build their products
some big OEM customers buy the products
not knowing or not asking what is in the product
the OEM sells its products through regular consumer electronics distributors
how does that industry work, further complications
the BSP might not be provided by the chipset maker itself
they might have partnered with some other entity whom they might [erroneously?] think has better Linux skills
it might be an alternative 3rd party BSP
or it might be an improvement over the original BSP
the OEM might deliver its products to a telco or ISP who [sometimes exclusively] distributes the product bundled with its DSL / cable data services
the OEM might need to partner with some other company in order to get such an ISP/telco deal
any entity in the supply chain will push their own requirements down the chain
the board maker might not have the skill, so they hire some 3rd party developers to hack the BSP to fulfill those requirements
some other important facts about that industry
even those companies which you perceive as key players are nothing more than brands
most well-known names like D-Link, Linksys, Netgear, Belkin, ... don't do their own R&D
they purchase/source on a per-device basis, i.e. every device might come from a different supplier, each with its own [software] architecture
business relationships are very ad-hoc
e.g. at the time the consumer buys the product, the board maker might no longer do business with the BSP provider
thus, only limited economic pressure can be exerted on them
many of the companies in that industry apparently don't even have basic engineering policies like use of a revision control system, so they might e.g. have lost the source code at the time somebody requests it as part of GPL compliance
specific problems we're seeing
an incredible amount of technical incompetence
almost nobody in the supply chain understands the product and its software architecture / components
this leads to incomplete source code releases that
don't have "complete corresponding source code" (GPLv2)
scripts to control compilation and installation
thus are impossible to actually compile into object code
contain GPL violations in themselves (derivative works with proprietary components)