Quoting kjones (kjo...@columbus.k12.nc.us): > I own a piece of hardware that has an embedded system that appears to > be based in whole on a variant of linux. > > The firmware became corrupted, and so I naively went to the company > asking if I could have a copy of the firmware that shipped with the > device. They said only if I would pay $899 annual support fee. I then > asked them for the source code, to which they responded, it was > proprietary and they could not release it without a maintenance > contract. So I was able to break into the firmware and fix the issue > manually, but now I am very concerned that this company is holding > hardware hostage, and doing so with firmware that is open source. By > the way the firmware has linux file structure/linux commands you name > it. > > Any suggestions-- especially as to what I could say to the company?
Dear Kelly Jones: First of all, congratulations on breaking into the firmware and fixing the immediate problem. I trust that doing so makes the gear useful for you. The company selling the firmware does indeed bear the obligation to comply with the licensing terms of the various codebases it ships that were written by others, including the Linux kernel, which as I'm sure you know is under GNU General Public Licence v. 2. The 'firmware' image, if it is typical of embedded Linux devices, includes binary instances of many separate works, under diverse licence terms, some open source, some proprietary. Of the open source works, some have open source licences that impose on redistributors and creators of derivative versions the obligation to grant to all recipients access to matching source code for the work (as does the Linux kernel), others do not. The former category are generically called reciprocal licences; the latter are called permissive ones. A party such as the firmware publisher that fails that obligation (as to works under reciprocal licences) is by definition redistributing the work without licence. Therefore, the redistributor is commiting the tort (civil wrong) against the copyright holders of that work, e.g., the copyright holders of the Linux kernel. They have legal standing to sue for redress of the tort. You would not, unless you happen to be a credited code contributor. As a third party who is standing outside the commission of apparent torts against some copyright owners of code within the 'firmware' image, you have limited leverage, lacking standing for a copyright action. You could say to the company that you're getting in contact with stakeholders whose licences you believe they're violating -- and then do so. Unfortunately, these cases often prove frustrating for well-explained reasons. Exampleco may be under a reciprocal licence obligation to Coder A, but physically unable to comply because Exampleco subcontracted the software work to WeCodeCheap and never got source code from them, and WeCodeCheap isn't responding now when asked for it. And/or Exampleco may find it easier and cheaper to stall when requested for matching source code in the knowledge that this product is 2 months away from being end-of-lifed and replaced with a replacement model. Model lifetime in embedded Linux devices tends on average to be short and product churn rapid. Once the currently offending product has been EOLed, Exampleco can say 'We've dealt with the alleged copyright violation by withdrawing model XYZ from the market', and know that even parties with standing to sue probably won't bother because there's now little to be gained. I'm sure the above is not quite what you were hoping to hear, but I hope it proves enlightening, nonetheless. -- Cheers, 299792458 meters per second. Not Rick Moen just a good idea. It's the law. r...@linuxmafia.com McQ! (4x80 _______________________________________________ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
