On Wed, Feb 25, 2015 at 1:06 AM, ke...@allwinnertech.com <ke...@allwinnertech.com> wrote: > Hi, Luc, > > Allwinner is trying to fix the GPL issue taken on Cedarx. > We have release the latest version of cedarx with LGPL. And just close the > code of Video Engine hardware, the framework and API is opensource. > We will review the code again, to fix the GPL issues still existed. We are > trying to do better, if you found any GPL issue, please let us know, we will > fix it and update it ASAP. > > About the kernel GPL issue, we are fixing it now, we will update the code to > open some drivers.
Kevin, there are advantages to being open source. For example my company tried using the A20 for a product two years ago. We spent a lot of effort developing it and never could get the video compression working the way we needed it to work. I sent several bugs into Allwinner which got fixed, but the fixes came back about eight months after I had sent the problems in. That was far too late to save our project. Since we couldn't get the A20 version of the product going we finally gave up and switched to a different CPU vendor. All of this messing around probably cost us $250,000. Plus we are paying more for the new CPU. But the new one works correctly, which is the most important point. If I had the source to the compression code I probably could have fixed it myself and sent out a patch. Or maybe I could have inserted debug printouts and narrowed the problem down to a very specific bug report which would have made it easy for you to fix. Instead I was just stuck using a black box which didn't always do the right thing and I had no ability to fix. We finally gave up and switched CPUs. Being open source allows other people to help you improve the code. There are a lot of highly skilled programmers working on Linux. When shipping their products is dependent on getting Allwinner code fixed, they will go in and fix bugs if they have the source code. They will also send you these fixes since they want them incorporated into the official releases. ---- On another topic - kernel drivers. Closed source, out of tree kernel drivers are a security nightmare. Consider what happens when a security bug is found in the Linux kernel. The bug is disclosed and a fix is issued. For vendors on mainline they can quickly incorporate these patches and send our dynamic updates out to their products. But what about closed drivers? It is easy to crack into old kernels. The instructions on how to do it are included in the security vulnerability disclosure. Closed drivers prevent me from applying these security patches and moving onto a newer kernel. Instead I have to wait until Allwinner decides to update their kernels - which may be years. This attack method is used a lot in the wild. It is how the first attack against Sony was done (not the current one). They were running three year old kernels on their servers. Somebody just looked up the vulnerabilities that had been fixed and used one to walk right into their corporate network. This is a not a good thing for someone like Allwinner who is making security camera chips now. > Thanks. > > Best Regards. > ________________________________ > ke...@allwinnertech.com > > > From: Luc Verhaegen > Date: 2015-02-25 11:55 > To: linux-sunxi@googlegroups.com > CC: Meng Zhang; sh...@allwinnertech.com > Subject: Allwinner GPL violations: definitive proof. > This was just posted on the allwinner github account: > > https://github.com/allwinner-zh/media-codec > > This contains: > > https://github.com/allwinner-zh/media-codec/blob/master/sunxi-cedarx/LIBRARY/CODEC/VIDEO/DECODER/libvdecoder.so > > This binary contains symbols from both ffmpeg (LGPL, but altered/hacked > up) and libVP62 (anti-compiled from java, and taken off the web in > 2006). The LGPL forces Allwinner to produce the full and complete source > code of these binaries. How they are going to explain libVP62 to On2 > Technologies, now google, is beyond me (cfr. > http://en.wikipedia.org/wiki/VP6) > > With all the previous "indiscretions", it was always possible to claim > that there was some chance that Allwinner was not the source of the many > violations. It was always pretty clear that Allwinner was the source, > there were just too many coincidences, the violation was too all > encompassing, and not a single device maker spilled the goods. The fact > that they threw out a kernel tree with most code and all binaries > removed, was, despite being a ludicrous and laughable action, another > very clear sign that Allwinner was indeed the source of these > violations. > > Now however, the fact that allwinner posted this very clearly shows that > Allwinner is the source. It is absolutely unequivocal this time round. > > To top this off, it is 6 months after the last GPL violation shitstorm. > This puts serious doubts behind the claims that Allwinner truly is > learning and willing to cooperate. > > Allwinner, it is very high time to start playing nice. You've been at it > for 4 years now and seem utterly incapable of or unwilling to change. > > Luc Verhaegen. > > NOTICE: This e-mail and any included attachments are intended only for the > sole use of named and intended recipient (s) only. If you are the named and > intended recipient, please note that the information contained in this email > and its embedded files are confidential and privileged. If you are neither > the intended nor named recipient, you are hereby notified that any > unauthorized review, use, disclosure, dissemination, distribution, or > copying of this communication, or any of its contents, is strictly > prohibited. Please reply to the sender and destroy the original message and > all your records of this message (whether electronic or otherwise). > Furthermore, you should not disclose to any other person, use, copy or > disseminate the contents of this e-mail and/or the documents accompanying > it. > > -- > You received this message because you are subscribed to the Google Groups > "linux-sunxi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to linux-sunxi+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Jon Smirl jonsm...@gmail.com -- You received this message because you are subscribed to the Google Groups "linux-sunxi" group. To unsubscribe from this group and stop receiving emails from it, send an email to linux-sunxi+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
