License compliance?

Let's assume I created a copy of the OpenWRT firmware for a common router and removed all the logos and references to OpenWRT. I host all the packages locally and then develop a few custom packages based on existing packages and a few are built from scratch. I do not make the files or the modified firmware available.

Am I violating anything license wise by:

  • Not crediting OpenWRT?
  • Not making derivative code available?
  • Not making the modified firmware available?

With the caveat that I am not a copyright attorney, GPL typically talks about distribution, meaning that the software is transferred to another (even if you give the router to someone else, even without renumeration). If, in fact, you only use the router yourself, then arguably you are not distributing the software. If anyone else has the router in their possession, or obtains packages from your server, then you are distributing it and, in my opinion, subject to the GPL requirements.

Further, GPL isn't the only license associated with the OpenWrt system. Even without distributing the software, you may be in violation of the various other licenses, such as BSD-style, MIT, Apache, Eclipse, and many others.

In short, yes, you are almost certainly violating one or more of the licenses involved.


And that answers my other question - what if I sell it as a commercial product?

Keep in mind that you will not get valid legal advice on this forum (or better not in any forum); go ask a lawyer specialized in these issues, or just not do legally unclear things in the first place. This is not to dismiss @jeff's helpful answer, just to make it clear that no advice given here is a bullet proof legal position....


As a commercial product you would almost certainly be in violation of most of the licenses, not just GPL. I would urge you to obtain formal legal counsel as well as appropriate liability insurance before you undertake anything even close to the path you’ve outlined.


Agreed and I'm not sticking my neck out on "internet lawyer" advice.

You likely need to to provide your source code, as GPL requires. Just like the big boys do. (They do not do that just because they are so nice :wink: )

Quite many of the major OEMs like Netgear, Linksys etc. use firmwares that are based on the old OpenWrt versions, although that is hidden from the end-user GUI. And they all (or at least most of them) provide sources (at least in theory), like in


Yeah, that's what I figured and this isn't actually about me wanting to follow the path I've outlined - I might have found something out of compliance.

1 Like

I suspected as much. That's a nice example, thanks.

1 Like

Short answer:
You will get a legal beating.

Even shorter answer:
I will give you a beating.

Even shorter answer:
You will be hated.

Maybe off-topic but you could be talking about the chinese's "custom" firmwares based on openwrt or ubiquity. They also use their own gui but leave the standard one accesible. Not ubiquity though, their gui sucks. It gets worse, less mobile browser-compatible and more bloated with each new version release.

It's common to see the chinese manufacturers and some community firmware promoters hide "easter eggs" like anti-features and binary blobs in order to do fun things like open backdoors or let their binary blobs traverse firewalls and send interesting data to "government-sponsored" corporaciones in Beijing.
One nice example is the software used on all the spy cameras from china and the apps to control them.
Things like that and the whole IoT world need to be isolated as guest devices on a segregated subnet or vlan.

There needs to be an neutral opensource way to scrutinize firmware that is based on open source and then pinpoint malicious firmware "authors" in order to expose them as serious network vulnerabilities (ratz) to the community of users, especially users who run production networks, like myself.

1 Like

As far as BSD goes it pretty much says as long as you credit X you're fine.
A quick overview and discussion about it....

Pretty close, as I interpret the common clause in BSD-style licenses:

Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.

This is often handled by including a copy of licenses in a compressed tar file for products that don't include source code. For example, the Android build system does just that for each ROM built.

LOL -- "I met Stallman. [...] If that's genius, I don't want to be that smart." Funny, I had exactly the same reaction when I was there myself.

@betelgeux, there are some pretty ridiculous mentalities here.

what you need is just to fork LUCI with a more simple web front end that is your brand as OEM.

you don't need to worry about crediting anything from those screens. you don't need to give ssh access. you don't need to give away your modified firmware. you don't need to make your code contributions available.

i could use something similar if you haven't solved this, i would be willing to help. nobody will hate you, this is the same thing as Open-Mesh, probably Ubiquity, etc.

1 Like

For anyone else reading this, the above post is, at best, uninformed.

For GPL 2 alone the following statements are trivially provable violations of terms of license and, as such amount to theft of intellectual property

  • you don't need to worry about crediting anything from those screens
  • you don't need to give away your modified firmware
  • you don't need to make your code contributions available.

Note also that clearly states

You may not post descriptions of, links to, or methods for stealing someone’s intellectual property (software, video, audio, images), or for breaking any other law.


You crybabies censored my post for telling this guy the truth. You go onto an airplane and watch a video, and when it boots you see X come up and it is running Linux. You aren't displaying the GPL notice and crediting Linux Torvalds with a copyleft notice when the video player runs. You run Android and the first thing that pops on the screen is not a Penguin and a copyright notice going to

If you are creating a service or a product, the whole point of the GPL is that it is your right to use it. The user doesn't need to see all the gory details to run your application. Jeff, you are at best an alarmist.

This guy wants to give people a clean interface to control basic router functions. He can damn well fork GPL LUCI and put his simple interface to control basic router functionality without giving users all the gory details about each OpenWRT copyright component. He can distribute his product all he wants! He does not need your permission, just because you want to call him a thief.

Nobody is talking about removing the embedded copyright notices. Nobody has to give ssh access to his firmware for his product. He can distribute it as much as he wants. If he is distributing proprietary mods to his firmware, he does not have to share them. Do you see Ubiquiti and Google distributing their mods for UNMS or 802.11s for public scrutiny? They are probably using OpenWRT in there anyway to a substantial degree in their products. It is their right. That is what the GPL is.

You are trying to violate my human rights for expressing my opinion about this guy's question. The United Nations 1948 Universal Declaration of Human Rights states: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference, and to seek, receive, and impart information and ideas through any media regardless of frontiers"

Just because you are accusing me of advocating theft does not mean that what I am saying is theft in any recognizable way, shape or form. You are an extremely poor judge and jury of basic concepts related to the production of products related to underlying GPL components.

1 Like

[this will be my first and final involvement in this thread, as I don't feel qualified to provide legal advice]

strusty, IANAL and I don't have the slightest motivation to start armchair lawyering here, but your interpretation of the primary licenses involved here differs quite a bit from more common interpretations[0], [1], including those of many of the companies you quote or precedent set in several jurisdictions. So if you're advocating to disregard the more common interpretations, it would be a good idea to ask a copyright lawyer within your own jurisdiction[2] first, to back up your statements. Given that you seem to be quite keen on international conventions and treaties, I might suggest to read up on the Berne Convention from 1886 as well.

Dragging human rights into this isn't really helping your case either, as it's a display of gross misinterpretation again. Yes, if you go to Hyde Park's corner, town hall place, your own blog[3] or your own lawn, no one would be allowed to silence you[4], but that doesn't imply that anyone would be forced to tolerate you reciting your opinions on their own lawn. Owners and administrators, or whoever they delegate this responsibility to via community flagging, of this forum instance have every right to execute their prerogative which content to publish -or not[5]. You can ask them to reconsider or override potential community flagging, but the decision is up to them, not you.

[0] regardless of correct or incorrect, that would be something for a court of law to decide. A blank free pass to "ignore the license terms" would be a rather bold expectation, while granting the same amount of source access you've been given for your derived works might be considered a relatively 'safe' option (and jurisdictions might even disagree here).
[1] e.g. interpretations may differ in the distinction between "mere aggregation" and "derived works", respectively "independent works based on common interfaces" or what "distribution" means in the first place. This would be something to ask an intellectual property lawyer, but at least at first glance, the OP's question don't even get as far as these potential corner cases.
[2] it would also make sense to reconsider to which extent your legislation and the hypothetical advice of your lawyer considering the given situation put before them applies to others, under different circumstances and/ or different legislations.
[3] depending on the actual contractual obligations between the parties involved, your hoster isn't necessarily forced to keep hosting your blog though, if they disagree.
[4] and even that isn't universal or absolute, as local legislation might come with additional restrictions, such as -among others- content, volume, timing or form.


Without the GPL we would not be here. As stated, not all code is under the GPL. Proprietary code is subjective, without transparency. The fundamental purpose of the GPL is mutual benefit which leads back to the OP's question.

If your use for the product NOT of a distributed nature ... then IMHO, this is a one hand clapping situation.

When you distribute you need to attribute. Simple.


@slh, that is a really cool response, if this was Facebook I would add you as friend.

We are talking about, as far as I can tell, distributing a Product, not source code. Or, it may be a Service.

There is no requirement to distribute the source code to your product- if there was we would all have Google and Ubiqiuiti's source code to their wifi products.

There is no requirement to display copyrights and logos when the user is using your product. There is no requirement to distribute source code to a user that is using your product. There is no requirement to put copyright notices on a control panel to help a user use your product.

What exactly are you saying I am missing here? That is all this user really wants to do. He is not even clear what he is asking, I am clarifying for him. You cannot tell me that giving a user access solely to a very reduced modified LUCI web interface with simplified items requires extensive representations of attribution for the underlying system components.

For that matter, forget LUCI, you can write your own HTML-based form for modifying the contents of /etc/config/network et al. That is all the user ever needs to see. You can give him OpenWRT underneath, you can shut off sshd, you can not give him the source code because god knows how many even have the source themselves who are freely using it.

This satisfies all this user's wishes with no violation of any license.

Tell me this is not true.