License compliance?

#1

Let's assume I created a copy of the OpenWRT firmware for a common router and removed all the logos and references to OpenWRT. I host all the packages locally and then develop a few custom packages based on existing packages and a few are built from scratch. I do not make the files or the modified firmware available.

Am I violating anything license wise by:

  • Not crediting OpenWRT?
  • Not making derivative code available?
  • Not making the modified firmware available?
#2

With the caveat that I am not a copyright attorney, GPL typically talks about distribution, meaning that the software is transferred to another (even if you give the router to someone else, even without renumeration). If, in fact, you only use the router yourself, then arguably you are not distributing the software. If anyone else has the router in their possession, or obtains packages from your server, then you are distributing it and, in my opinion, subject to the GPL requirements.

Further, GPL isn't the only license associated with the OpenWrt system. Even without distributing the software, you may be in violation of the various other licenses, such as BSD-style, MIT, Apache, Eclipse, and many others.

In short, yes, you are almost certainly violating one or more of the licenses involved.

3 Likes
#3

And that answers my other question - what if I sell it as a commercial product?

#4

Keep in mind that you will not get valid legal advice on this forum (or better not in any forum); go ask a lawyer specialized in these issues, or just not do legally unclear things in the first place. This is not to dismiss @jeff's helpful answer, just to make it clear that no advice given here is a bullet proof legal position....

4 Likes
#5

As a commercial product you would almost certainly be in violation of most of the licenses, not just GPL. I would urge you to obtain formal legal counsel as well as appropriate liability insurance before you undertake anything even close to the path you’ve outlined.

2 Likes
#6

Agreed and I'm not sticking my neck out on "internet lawyer" advice.

#7

You likely need to to provide your source code, as GPL requires. Just like the big boys do. (They do not do that just because they are so nice :wink: )

Quite many of the major OEMs like Netgear, Linksys etc. use firmwares that are based on the old OpenWrt versions, although that is hidden from the end-user GUI. And they all (or at least most of them) provide sources (at least in theory), like in https://www.linksys.com/us/support-article?articleNum=114663

2 Likes
#8

Yeah, that's what I figured and this isn't actually about me wanting to follow the path I've outlined - I might have found something out of compliance.

1 Like
#9

I suspected as much. That's a nice example, thanks.

#10

https://www.gnu.org/licenses/gpl-violation.en.html

1 Like
#11

Short answer:
You will get a legal beating.

Even shorter answer:
I will give you a beating.

Even shorter answer:
You will be hated.

#12

Maybe off-topic but you could be talking about the chinese's "custom" firmwares based on openwrt or ubiquity. They also use their own gui but leave the standard one accesible. Not ubiquity though, their gui sucks. It gets worse, less mobile browser-compatible and more bloated with each new version release.

It's common to see the chinese manufacturers and some community firmware promoters hide "easter eggs" like anti-features and binary blobs in order to do fun things like open backdoors or let their binary blobs traverse firewalls and send interesting data to "government-sponsored" corporaciones in Beijing.
One nice example is the software used on all the spy cameras from china and the apps to control them.
Things like that and the whole IoT world need to be isolated as guest devices on a segregated subnet or vlan.

There needs to be an neutral opensource way to scrutinize firmware that is based on open source and then pinpoint malicious firmware "authors" in order to expose them as serious network vulnerabilities (ratz) to the community of users, especially users who run production networks, like myself.

#13

@jeff
As far as BSD goes it pretty much says as long as you credit X you're fine.
https://youtu.be/cofKxtIO3Is?t=590
A quick overview and discussion about it....

#14

Pretty close, as I interpret the common clause in BSD-style licenses:

Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.

This is often handled by including a copy of licenses in a compressed tar file for products that don't include source code. For example, the Android build system does just that for each ROM built.

LOL -- "I met Stallman. [...] If that's genius, I don't want to be that smart." Funny, I had exactly the same reaction when I was there myself.