Hello! I just subscribed to this (and the announce and legal) list in order to follow your work more closely. One of my reasons for doing so is that I am more and more seeing GPL/LGPL violations by especially embedded device makers and this starts to annoy me. Especially annoying is the fact that almost any of them a) simply ignored the license when making the device and b) either continues to do so after marketing the device or at least is very reluctant to finally comply.
During the past months I had various email conversations with manufacturers of mobile devices and was able to at least "free" two Linux kernel source trees and am still in conversation with two others. A situation which starts to get unbearable for me :( The devices of which I freed the kernels were: - "I'm Watch" smartwatch by Italien maker "I'm Smart": http://www.imsmart.com/it Finally the kernel is here: http://developer.imsmart.com/download But the devices are tivolized, i.e. hardware encryption is used to verify signatures placed on the bootloader and kernel and so the sourcecode is in fact pretty useless :( - Telekom/Pageplace ebook reader "Tolino Shine": http://www.tolino.de/ Sources are now here: http://www.tolino.de/wp-uploads/kernel.tar.gz The devices/manufacturers I am currently still chasing down are: - Thalia / Medion, ebook readers "Oyo" and "Oyo-II", runs Linux Kernel, U-Boot,GNU bash 3.2.24, GLIBC 2.6.1, wpa_supplicant 0.6.9, BusyBox v1.7.2, rzsz, mtd flash utils, proftpd and Alsa lib 2.0.0. The only source they offered is an incomplete archive of U-Boot and Linux Kernel missing vital driver parts. - Miura "Shuttle", chipcard e-payment terminal, runs Linux Kernel with BlueZ and presumably a lot more GPL/LGPL stuff: http://www.miurasystems.com/solutions.html I am *not* willing to further accept this behaviour. I am consulting my clients to comply to the open source licenses and work with them to create proper disclaimers for their manuals and create proper download offerings. I do this because I think this is the only way that open source and free software will continue to evolve. Other manufacturers are making money with the many years worth effort that *we* created. I think the least thing they should do in return is to respect our work and the license we put it under. As one of the copyright holders of the Linux kernel I am in the lucky legal position to be able to legally request this and I am doing so and will continue to do so. What I would like to achieve / do is to create more awareness within manufacturers _and_ users. Obviously there is not enough yet despite the effort of gpl-violations.org. So I would like to create a public archive / index / register so that users can quickly see if the device that they possess contains free software, which this is and where to find the code for it. In the long term I would like to see that manufacturers themselves "register" their devices along with the proper download links there. I have drafted up that idea very briefly as Wiki pages on my Wiki here: Open Source Register - OSDR: http://s.dpin.de/wiki/osdr This could pretty easily be extended with a database and better lookup possibilities as well as a sourcecode mirror like it is started on ftp://ftp.gpl-devices.org/ The whole Android industry is pushing out open source and free software based devices quicker than we can say "infringe". We must act. Now. Else the word will spread that free software's licenses can be ignored. We already have thousands of bad examples for this. And this frankly pisses me off - massively. On the one hand we are threatened by all kinds of so called "intellectual property" owners with patents and all kinds of FUD and on the other hand a large part of the industry, and in many cases the same that spread the IP and patent FUD, simply ignore our license and rights. And I think this is because we are not aggressive enough. I think it is time for us to stand in for our rights and stop the too friendly approach. When a multinational company pursuits an infringing third party there is no friendly talk. This directly goes to cease-and-desist plus cost notes. What do we do? We kindly ask for releasing the code... and if not, well... we may come with a lawyer - if he has the time... I don't want to be unjust here - I know Harald, Till and others have done a lot of very valuable work and fought many cases also in court. But this is just a drop of water on the growing fire and I fear that these activities are way too small to create the awareness we do need now and in the feature. My idea with the "OSDR" is that we distribute that burden on more shoulders. We are community workers. The whole free and open source software movement is based on the idea that many people work together, that work is distributed and that many people can easily contribute. The OSDR would be such a place. Everyone would be invited to contribute information on compliance or infringement. Users could easily look-up if their device is already registered, if it complies or not and if not they should be encouraged to request the fulfillment of their right at their proprietor. Ideally this should lead to a situation where a manufacturer would not dare to release a device without proper attribution and sources since he would have to fear a storm of requests (aka shitstorm :) otherwise. At the moment we are rather in the situation that manufacturers have to fear basically nothing, sanctions are rather seldom and most users are so unaware of the situation that they do not even know that they have rights that they can claim. At least this is the situation as I perceive it in the embedded and mobile industry - which is where I mostly work. As a second pitch in the same direction I would like to start a campaign for GPL/LGPL instead of Apache/BSD/MIT/... licenses. What we can observe right now is that manufacturers make devices based on open source software ignoring the free software licenses. But due to the nature of the GPL/LGPL we can force them to open up at least the GPL/LGPL parts - but not the other parts. This is especially frustrating with the many Android devices now on the market - you get the Linux Kernel, maybe the UBoot bootloader but that's about it. The rest remains, in most cases, closed. And this is perfectly legal since Android is mostly Apache or some flavor of BSD licensed. But if this continues and even grows then we will soon be in the situation that the free software is reduced to a "tool maker" for free tools for the industry that can then make products that the users have no control over. The Android situation also shows another possible danger that arises in not using enforceable licenses: it prevents community building. The whole Android development is and will be kept in the hands of Google. What will happen if Google one day shuts down the Android project? Or even worse if they decide not to publish new code anymore? If this becomes the new standard in the industry then free software and open source software will severely get into trouble. I do not want to be overly pessimistic here, but I see a severe problem coming up. And I think we can do something about it! By promoting two things: a) If you use free software, you *must* comply to the terms it comes with. b) GPL/LGPL is the license of choice if you start a new project. Cheers nils
