Quoting kjones (kjo...@columbus.k12.nc.us):

> I own a piece of hardware that has an embedded system that appears to
> be based in whole on a variant of linux.
> The firmware became corrupted, and so I naively went to the company
> asking if I could have a copy of the firmware that shipped with the
> device. They said only if I would pay $899 annual support fee. I then
> asked them for the source code, to which they responded, it was
> proprietary and they could not release it without a maintenance
> contract. So I was able to break into the firmware and fix the issue
> manually, but now I am very concerned that this company is holding
> hardware hostage, and doing so with firmware that is open source. By
> the way the firmware has linux file structure/linux commands you name
> it.
> Any suggestions-- especially as to what I could say to the company?

Dear Kelly Jones:

First of all, congratulations on breaking into the firmware and fixing
the immediate problem.  I trust that doing so makes the gear useful for you.

The company selling the firmware does indeed bear the obligation to
comply with the licensing terms of the various codebases it ships that
were written by others, including the Linux kernel, which as I'm sure
you know is under GNU General Public Licence v. 2.  The 'firmware'
image, if it is typical of embedded Linux devices, includes binary
instances of many separate works, under diverse licence terms, some open
source, some proprietary.  Of the open source works, some have open
source licences that impose on redistributors and creators of derivative
versions the obligation to grant to all recipients access to matching
source code for the work (as does the Linux kernel), others do not.  The
former category are generically called reciprocal licences; the latter
are called permissive ones.

A party such as the firmware publisher that fails that obligation 
(as to works under reciprocal licences) is by definition redistributing
the work without licence.  Therefore, the redistributor is commiting the
tort (civil wrong) against the copyright holders of that work, e.g., the
copyright holders of the Linux kernel.  They have legal standing to sue
for redress of the tort.  You would not, unless you happen to be a
credited code contributor.

As a third party who is standing outside the commission of apparent
torts against some copyright owners of code within the 'firmware' image,
you have limited leverage, lacking standing for a copyright action.  You
could say to the company that you're getting in contact with
stakeholders whose licences you believe they're violating -- and then do

Unfortunately, these cases often prove frustrating for well-explained
reasons.  Exampleco may be under a reciprocal licence obligation to
Coder A, but physically unable to comply because Exampleco subcontracted
the software work to WeCodeCheap and never got source code from them,
and WeCodeCheap isn't responding now when asked for it.  And/or
Exampleco may find it easier and cheaper to stall when requested for 
matching source code in the knowledge that this product is 2 months away
from being end-of-lifed and replaced with a replacement model.  Model
lifetime in embedded Linux devices tends on average to be short and
product churn rapid.  Once the currently offending product has been
EOLed, Exampleco can say 'We've dealt with the alleged copyright
violation by withdrawing model XYZ from the market', and know that even
parties with standing to sue probably won't bother because there's now
little to be gained.

I'm sure the above is not quite what you were hoping to hear, but I hope
it proves enlightening, nonetheless.

Cheers,                                      299792458 meters per second.  Not
Rick Moen                                    just a good idea.  It's the law.
McQ! (4x80                        
License-discuss mailing list

Reply via email to