I think there is a lot.
One example:
Pix Link
http://www.pix-link.com/Home
But you visit official website and you see no trace about OpenWRT source code they use.
is it so hard for them open a github page? Western states shouldn't do mandatory that hardware sold with OSS publish the source code and respect the license? Customs are just to earn money through taxes?
What can be done?
There are many many vendors who make forks of OpenWrt and then make proprietary changes to support their specific devices for sale on the regular commercial market.
Technically, many of these companies may be violating the OpenWrt license terms. The project as a whole would have an overwhelming amount of work (and legal expenses) if it attempted to enforce the license terms with all potential violators. This just isn't practical in most circumstances. The license terms can be leveraged for legal action if it is ever truly necessary, but I would imagine that the project leadership would be very selective about which specific violations are worth enforcing because of the logistics involved.
The same to common customers who want to access source code, who can afford a lawyer just to, for example, access the telnet session of a 20 bucks router? And even if you can afford, if it's a Chinese company you can do nothing from a foreign western country.
And I guess low specs cheap routers doesnt interest to OpenWRT project, because even if they release the code, it's unusable with full modern openwrt dist, and only can run those tiny customs modifications.
But I think it should be mandatory at customs office, if you want to import hardware with OSS gnu licenses, then the manufacturer must release the code modifications or the package come back to seller, and that way no a single one manufacturer would "forget" publish the source code modifications.
This is not entirely true. Even lower end devices are useful to OpenWrt users, and where possible, they are often added.
Also, it is important to distinguish between devices that use closed source driver code for critical hardware (such as wlan and CPU chipsets) vs those that use supported/supportable chips but create their own custom high level features. Closed source drivers are typically closed from the chip vendors, requiring precompiled blobs to be included in the vendor firmware for those routers, and seriously complicates official OpenWrt support. But, as long as the hardware has FOSS support, OpenWrt can often support the devices in question.
FWIW, many of the same enforceability issues are present for a lot of open source software projects, so this is not unique to OpenWrt -- the only difference here is that there may be additional complications on the hardware front.
This is obviously extraordinarily complicated and would involve world-wide cooperation and enforcement. The only way that this even happens within any individual country is when laws are passed to codify the terms, and that is not something that any small open source software team can typically influence (you'll see major corporations involved since they have the money and the motivation to affect these laws, but this is still hard).
Correct me if I'm wrong but I think currently there is not officially supported hardware of less 16 MB RAM. But there are manufacturers with OpenWRT modifications that runs on those platforms and they dont release the source code as they should do.
So OpenWRT project wouldn't be interested in ask the source code of that hardware, because it never will run openwrt main dist current or future (but as user I'm interested, even if I can't run the standard openwrt dist)
I think most of those manufacturers just custom the firmware to change web gui appearance and things like that, and remove unused packages, I posted as example one of most blatant who keep OpenWRT gui, but think in others routers who change all the web-gui, it would be needed hardware reverse engineering to discover that it's running Openwrt (read eeprom and so on), and maybe those are the 90% routers that are sold currently in aliexpress, a clearly abuse of GPL license.
About legislation: it's illegal hardware because they are not releasing the source code as software license says they must do.
I think the reason is that is a very recent issue.
And burocracy/laws are more slower than technology. But it's clearly illegal, it should be forbidden import those hardware as the manufacturer dont release the source code, like it's illegal import hardware without obbey telecommunications regulations.
EU has changed recently legislation to do mandatory USB-C chargers of smartphones, they could update this issue too.
I think, you are writing about a very "foggy" issue here, which not only concerns imported hardware. But also regards to hardware/software, produced within EU itself. For example, teltonika uses a lot of openwrt stuff, and even provides some sources for it, as far as "official" openwrt is concerned. However, there are a lot of "private" extensions without sources provided, which make it impossible, to build a working firmware image from source. You need to use their equivalent of imagebuilder. Or, look at mikrotik. Do they offer ANY sources, although I bet, lot of open source licensed stuff used by them ?
8MB flash and 64MB RAM is the minimum supported at this time by OpenWrt 22.03.
I don't know what the specs are of the lowest end routers being produced these days... it's possible that there are some with 16 or 32MB of RAM. But that would be extremely low end and they'd have to run on a fork of a much older version of OpenWrt.
With drivers and other low level stuff for really low end hardware, it's true that it wouldn't be trivial (if even possible) to integrate into modern OpenWrt if the kernel they are using is super old, but it's moot if you can't even run a modern version on that hardware anyway. And that assumes it can be open sourced anyway.... depending on the situation, that may or may not be possible.
GL-iNet is a good example of a company that uses a highly customized version of OpenWrt... they do much more than just re-skinning the OS... enough is changed that it will fundamentally behave differently that official OpenWrt. But, many of their devices use hardware that is supportable by OpenWrt, so those models are often (eventually) supported by the project.
As a cyclist, there is a saying I hear/repeat frequently when dealing with bad/inconsiderate drivers: it's better to be right than dead. It's not worth engaging when there is little-to-no return on investment and/or other potential consequences. In general, what does OpenWrt have to gain by threatening commercial entities with legal action and import bans.... it may be legally merited, but it doesn't really benefit the project unless there is a very specific set of circumstances.
Feel free to bring up this when you're speaking with your elected officials -- maybe you can convince them to legislate (or enforce) applicable laws.
And then it backfires on us with secured encrypted flash write protection so we can’t install OpenWrt on anything in the future.
But “hey, we won”.
EU…yea we have strong outer border import protection. But on inside of the outer border everything is allowed as long as the CE mark is there to be seen.
And we still have to see first if and when Apple actually applies to the usb-c law?
But when single companies like Apple backed by the US gov goes to fight the EU over a USB-C connector. And Huawei and the other Chinese telecom manufacturers are being blocked by the EU and USA for not showing the firmware. What are hobby projects like OpenWrt supposed to do with our legal resources when someone use our opensource firmware?
EVERYTHING!
And Ubiquiti is one of the most egregious offenders
Yep. I took possession of a Unifi AP-LITE a year ago and requested the GPL source on receipt and monthly since.
SILENCE
Not a single one customs office of this world would accept import computers with fake Windows license, but all accept import routers of manufacturers who dont respect OSS licenses, I think it's not fair.
I have. Good Luck!!!
Federal Incumbent local constituent office on gl-inet device. 2 opposition members vying for election running TP-Link and Huawei devices.
To a man/woman, each doesn’t understand the issue and frankly don’t care. As far as they are concerned they are following the guides established. Ergo we only use current MS and Virus software to ensure your data is secured
From my incumbent “the government would not knowingly employ any software from some guy sitting in a basement*.
They cannot reconcile in their own mind that their devices use Open Source Software written by some guy sitting in a basement. The guidelines wouldn’t allow that.
Couple of comments:
"Technically, many of these companies may be violating the OpenWrt license terms."
More pertinent is that OpenWrt is based on the Linux kernel and per the GPL v2.0, all derivative works must publish source code.
The Free Software Foundation acts on GPL violations reported on FSF-copyrighted code. Thus, if the program includes code that is copyright Free Software Foundation, please send your report to license-violation@gnu.org.
The Free Software Foundation is not toothless, they honcho'd the lawsuite against Cisco that eventually lead to the release of the Linux based Linksys WRT54 which made OpenWrt possible.
https://en.wikipedia.org/wiki/Free_Software_Foundation,_Inc._v._Cisco_Systems,_Inc.
There are two things that play into this. Some SoC manufacturers, specifically MediaTek, provide development boards for their new chipset. With it comes an Older OpenWrt source.
If a manufacturers bases a new router on that particular chip, they typically do not start from scratch but insert branding and interface features like VPN's into the source Mediatek provides.
What I think would be the strongest case would be for OpenWrt to enforce it's build tree. It represents a huge amount of work (value) and the freeloading manufacturers would be dead in the water without it.
One simple question:
Does somebody know ONE single manufacturer of routers sold in Aliexpress that publish the source code of their openwrt mods?
Big Chinese companies like Huawei respect OSS licenses and they publish the source code when they use https://consumer.huawei.com/en/opensource/
Very well done and that should done by all.
But small companies ignore requests and do nothing. I guess they are afraid of local competitors copying their work.
I think it's a work to be done by Customs office, send back all hardware that doesnt respect software licenses and in a matter of weeks serious companies who respect licenses will be richer and the rest will imitate if they dont want to bankrupt.
Publish the code isn't enough, upstream the code is the right thing to do, I'm talking the drivers, dts, uboot, to run vanilla OpenWRT.
If they modify their gui or have addons in their OpenWRT based distribution they can keep closed.
so the users can choose what can run in their routers.
I have a mix of Raspberry pi 4, Nanopi R4S and Xiaomi Redmi AC2100 routers running OpenWRT snapshots,
I tried to single out the R5S patches from FriendlyWrt, but I didn't find them.
so seems anything newer than ARM A53 based isn't ported yet to OpenWRT, but I cannot at this date justify a 100 dlls price for a R4S in aliexpress
But all of them copied OpenWRT to compete in the first place, look at the Raspberry Pi, running on many vanilla OS.
That is wrong, in terms of legal/ license compliance, publishing (the full) source is sufficient. Obviously submitting their changes upstream would be (strongly) preferred, but in terms of legal requirements, that isn't one.
For obvious reasons, I'm not a lawyer and jurisdictions around the world might see it differently - but the GPLv2 and most other FOSS licenses (including the GPLv3) only mandate source availability, not upstreaming (not that this would be legally enforceable at all, what if upstream would reject the contribution (which isn't unlikely with shoddy patches at all), would that mean the changes couldn't be distributed, of course not - and in quite a few cases there wouldn't even be /one/ upstream to choose from).
Would it help to have a 'page of shame' on the wiki, maybe with various green/red boxes for status of things like locked bootloaders, GPL vendor sources, upstreaming, firmware blobs, closed source userland etc. Then it would be clear the status of vendors, and might apply some market pressure ('XYZ Corp says they sell OpenWRT routers but look all their tickboxes are red').
When seeing OpenWRT listed on sales listings I've been initially favourable towards the product, and I think if there was such a 'screaming red flags' page I think it would cause me and similar buyers to think twice. That might encourage vendors to do something about it for fear of losing sales, rather than improbable lawsuits.
somebody would need to maintain it, as these things are subject to change.
Well, yes. That is the whole idea.