legal GPL Violatios for Vodafone Station ?

Discussion:

paolo delbene

2011-08-15 15:31:30 UTC

GPL Violations for Vodafone Station ?

http://translate.google.it/translate?js=n&prev=_t&hl=it&ie=UTF-8&layout=2&eotf=1&sl=it&tl=en&u=http%3A%2F%2Flab.vodafone.it%2Fforum%2Fviewtopic.php%3Ff%3D25%26t%3D21100%26perms%3Dpublish_stream%252Cuser_status%252Cread_stream%26selected_profiles%3D100001674182559%26installed%3D1%26session%3D%7B%2522session_key%2522%253A%25222.AQDehISYTKC9Kpuy.3600.1313427600.1-100001674182559%2522%252C%2522uid%2522%253A%2522100001674182559%2522%252C%2522expires%2522%253A1313427600%252C%2522secret%2522%253A%25224_k0D4rIOwp1bCBBS0YzPg__%2522%252C%2522base_domain%2522%253A%2522lab.vodafone.it%2522%252C%2522access_token%2522%253A%2522121494094535476%7C2.AQDehISYTKC9Kpuy.3600.1313427600.1-100001674182559%7C6NixR5AXwDCeUcVxp2XTauY05HY%2522%252C%2522sig%2522%253A%2522dbf2114c16b23c697557a8844af9aa69%2522%7D

shark1: on 13/08/2011, 20:24

The VS and 'based on Linux, the GPL and all the sources and modifications
must be released somewhere. For Example see B066 in /bin/busybox, strings
like /var/homegateway.conf, /dev/brcmboard that are not in the sources that
I find here: http://www.busybox.net/<http://translate.googleusercontent.com/translate_c?hl=it&ie=UTF8&prev=_t&rurl=translate.google.it&sl=it&tl=en&twu=1&u=http://www.busybox.net/&usg=ALkJrhj6i2ZMKB4rh8T9cmcgyPgcRwpTkg>
http://www.busybox.net/<http://translate.googleusercontent.com/translate_c?hl=it&ie=UTF8&prev=_t&rurl=translate.google.it&sl=it&tl=en&twu=1&u=http://www.busybox.net/&usg=ALkJrhj6i2ZMKB4rh8T9cmcgyPgcRwpTkg>

Where can I find these sources?

pittix: on 13/08/2011, 22:46

Vodafone does not release them!

shark1: on 13/08/2011, 23:21

How is it 'possible? It 'not illegal to release sources.

Stephen: on 13/08/2011, 23:31

There's nothing illegal.

Who created code is NOT required to disclose it for free.

It 'time to end this story of free software.

Clear that if a program for fun and leisure times with the steady paycheck
somewhere .

no problem, but if one does it for work and 'fitting that his efforts are
rewarded.

shark1: on 13/08/2011, 23:49

Maybe you did not understand. If you take someone else's work and there 'a
license that says what you can do with this software, you must follow.

Otherwise so happens':
https://secure.wikimedia.org/wikipedia/
...<https://secure.wikimedia.org/wikipedia/en/wiki/BusyBox#GPL_lawsuits>
https://secure.wikimedia.org/wikipedia/
... <https://secure.wikimedia.org/wikipedia/en/wiki/BusyBox#GPL_lawsuits>
L_lawsuits<https://secure.wikimedia.org/wikipedia/en/wiki/BusyBox#GPL_lawsuits>
L_lawsuits<https://secure.wikimedia.org/wikipedia/en/wiki/BusyBox#GPL_lawsuits>

Stephen: on 13/08/2011, 23:53

In Italy (but also in the European Union) apply the laws and jurisprudence
of their country NOT the USA.

I do not think that in Italy there are laws that oblige those behaviors.

shark1: on 14/08/2011, 00:08

"In Italy (but also in the European Union) apply the laws and jurisprudence
of countries NOT on the U.S."

In fact:
http://gpl-violations.org/news/20060922-dlink-judgement_frankfurt.html

cheers: Paolo Del Bene, Paul Of The Good, Paul Von Gut

Henrik Nordström

2011-08-15 22:30:00 UTC

Permalink

Post by paolo delbene
GPL Violations for Vodafone Station ?

Interesting discussion. And yes the license do require them to provide
complete sources of any modified GPL components such as busybox or the
linux kernel.

Now for the dreaded question, was there a written offer for GPL source
in the box?

Not that it really changes anything for Vodafone, but do you know who is
the actual makers of the Vodafone Station? I would assume it's a branded
& customized version of some other manufactures router. A google search
seem to indicate Vodafone have banded two Huawei routes for this
product, both HG553 and HG556a?

Regards
Henrik

Angus Gratton

2011-08-16 00:17:52 UTC

Permalink

Post by Henrik NordstrÃ¶m
Not that it really changes anything for Vodafone, but do you know who is
the actual makers of the Vodafone Station? I would assume it's a branded
& customized version of some other manufactures router. A google search
seem to indicate Vodafone have banded two Huawei routes for this
product, both HG553 and HG556a?

FWIW, Huawei seem to have made source publicly available for HG553:

http://forum.huawei.com/jive4/thread.jspa?threadID=324322

(Although not on their Download Centre where they post some other GPL
sources, but on their forum. Odd.)

And, according to Vodafone New Zealand, Huawei include an offer for
source in Vodafone's package of the HG556a in that country:
http://forum.vodafone.co.nz/topic/7693-hg556a/

I assume an offer for source from the OEM is sufficient in the case of
an OEM product. Although if it's rebranded, I don't know for sure
(perhaps in that case Vodafone would be bound by 3(b) not 3(c) and need
to make the offer themselves, although IANAL and it seems like splitting
hairs in cases where -someone- is offering the source code for the
product.)

No doubt the situation in Italy could be different to these, Henrik is
of course right to ask if an offer is included.

- Angus

Ian Stirling

2011-08-16 05:33:36 UTC

Permalink

Post by Angus Gratton
I assume an offer for source from the OEM is sufficient in the case of
an OEM product.

When you distribute a binary commercially, you need to either supply
source with the binary, or a written offer.
Pointing at a third party (like the OEM) is not OK - because that would
only be an option if your distribution was noncommercial.

The fact that there is source 'out there' for a binary not affect
your obligations when you distribute it at all.

Angus Gratton

2011-08-16 06:06:41 UTC

Permalink

Post by Ian Stirling

Post by Angus Gratton
I assume an offer for source from the OEM is sufficient in the case of
an OEM product.

The last time this came up it was actually me saying the very things you
say here, and people with more legal knowledge than me pointed out that
there are differing degrees of the extent to which resellers or
redistributors are subject to the GPL's redistribution terms.

For instance, your telco sells you an Samsung Android phone but the
offer for source in the box comes from Samsung, not your telco. AFAIK no
telcos anywhere in the world are making their own offers for GPL source
code with Android phones, they're reselling a product as it comes to
them from the OEM (HTC.)

This is even the case where they might have customised the product a bit
by including their own branding or themes.

In the case of Huawei/Vodafone Italy, it's unclear how much Vodafone
have rebranded the product and (as I said myself when I posted) it might
be different if they've rebranded, but if it's the same product -and- it
has a valid Huawei offer for source in the box (big -if-) then it would
seem to me that's not a glaring violation.

Post by Ian Stirling
The fact that there is source 'out there' for a binary not affect
your obligations when you distribute it at all.

"Out there" in at least one of those examples constituted a written
offer for source from the OEM, in the box with the product.

And the "FWIW" I preceded the examples with was meant as such - I'm not
saying it's compliant, I'm just pointing out that Huawei do seem to be
at least trying to do the right thing around this line of products -
which seems noteworthy when many OEMs don't, thereby hamstringing any
further efforts at compliance.

- Angus

p***@shark1.sbrk.co.uk

2011-08-16 06:16:34 UTC

Permalink

Post by Angus Gratton
In the case of Huawei/Vodafone Italy, it's unclear how much Vodafone
have rebranded the product and (as I said myself when I posted) it might
be different if they've rebranded, but if it's the same product -and- it
has a valid Huawei offer for source in the box (big -if-) then it would
seem to me that's not a glaring violation.

It is extensively rebranded by vodafone. In the original firmware, you
can configure almost everything. The vodafone firmware doesn't even
allow you to change the SSID and WPA-KEY, let alone change ADSL
parameters, disable TR-069 or whatever.

However, the rebranding appears to be done by Huawei as far as I can
see. If I look in the strings of /bin/busybox, I see:
/home/chenweiqing/italy/baseline/C06B066/HG553V100R001C06B066/userapps/broadcom/cfm/util/psi/board_api.c
HG553V100R001C06B066 is the Italian Vodafone firmware version and
Chen Weiqing appears to work for Huawei:
http://www.spoke.com/info/pBhebzx/ChenWeiqing

Paul

Joseph Heenan

2011-08-16 13:30:26 UTC

Permalink

Post by Ian Stirling

Post by Angus Gratton
I assume an offer for source from the OEM is sufficient in the case of
an OEM product.

The exact text (GPLv2) is "Accompany it with a written offer, valid for
at least three years, to give any third party, for a charge no more than
your cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or, "

It would seem to me that having a commercial arrangement with a third
party to provide the source access (and that third party actually
providing the source when asked to do so), and including an offer to
that effect, would be both legally acceptable and also compliant with
the spirit of the license.

Joseph

Henrik Nordström

2011-08-16 17:19:36 UTC

Permalink

Post by Angus Gratton
I assume an offer for source from the OEM is sufficient in the case of
an OEM product. Although if it's rebranded, I don't know for sure
(perhaps in that case Vodafone would be bound by 3(b) not 3(c) and need
to make the offer themselves, although IANAL and it seems like splitting
hairs in cases where -someone- is offering the source code for the
product.)

It's sufficient, but not escape from the three years clause. You (i.e.
Vodafone) really need to make sure you have GPL source copies of the
versions you have shipped to customers (including upgrades pushed by
you).

Regards
Henrik

p***@shark1.sbrk.co.uk

2011-08-16 06:07:56 UTC

Permalink

Hi,

sorry to break the threading, but I only just subscribed after a message
I posted on Vodafone Italy's forum was posted here.

There is a written offer in the box (in English only) that contains (apparently)
identical text to that written here:
http://forum.huawei.com/jive4/thread.jspa?threadID=324322
However, the sources on that thread are perhaps some generic sources for
the HG553, but definitely nothing even close to those released by Vodafone,
or at least nothing released by vodafone in the last couple of years.

The current kernel for the HG553 for Vodafone Italy is 2.6.21.5
not 2.6.8.1 as on that link. When the kernel was 2.6.8.1 (last release)
the binaries contain all sorts of strings referencing files in /var and /dev
that are nowhere in the Huawei source code.

Anyway, I've sent an email to ***@huawei.com asking for the source
code for the currrent B066 firmware for the HG553 matching the strings in
busybox and kernel 2.6.21.5

Paul

Henrik Nordström

2011-08-16 17:27:36 UTC

Permalink

Post by p***@shark1.sbrk.co.uk
There is a written offer in the box (in English only) that contains (apparently)
http://forum.huawei.com/jive4/thread.jspa?threadID=324322
However, the sources on that thread are perhaps some generic sources for
the HG553, but definitely nothing even close to those released by Vodafone,
or at least nothing released by vodafone in the last couple of years.

What is archived in that thread is irrelevaqnt. Archived material by
nature get stale. How the contact appointed in the written offer
responds is all that matters.

Regards
Henrik

p***@shark1.sbrk.co.uk

2011-08-16 17:51:12 UTC

Permalink

Post by Henrik NordstrÃ¶m

What is archived in that thread is irrelevaqnt. Archived material by
nature get stale. How the contact appointed in the written offer
responds is all that matters.

My initial query was on the vodafone forum as I assumed/hoped that
it was an already answered question. I didn't actualy notice the GPL
offer notice until yesterday. I guess I would be a bit surprised if
nobody has asked this question in the last 2 years.

Anyway, I await Huawei's response. Hopefully it's positive.

Paul

p***@shark1.sbrk.co.uk

2011-08-26 09:29:20 UTC

Permalink

Post by p***@shark1.sbrk.co.uk
Anyway, I await Huawei's response. Hopefully it's positive.

Response received:

"our R&D dept is preparing the source code for you , we will provide it for
your in the form of FTP when the process is finished , it might take some
time ,we have some inner procedure

need to pass before we could provide it to you . We hope you could
understand"

Paul

p***@shark1.sbrk.co.uk

2011-09-07 12:06:35 UTC

Permalink

Post by p***@shark1.sbrk.co.uk
"our R&D dept is preparing the source code for you , we will provide it for
your in the form of FTP when the process is finished , it might take some
time ,we have some inner procedure"

Source code received. It's a bit odd in that the archive they supplied contains
binaries that don't correspond to the source code, but the source code does
appear to be similar to what I have on my router. I'll clean it up and make
it available somewhere.

Paul

Armijn Hemel

2011-09-07 12:16:58 UTC

Permalink

Post by p***@shark1.sbrk.co.uk

Source code received. It's a bit odd in that the archive they supplied contains
binaries that don't correspond to the source code, but the source code does

Not really odd. Many devices seem to start out as something else, so you
often have leftover binaries in there from a different device, that just
happens to have similar hardware.

But, yes, it is a bit ironic that a GPL source code release from vendors
often contains much crap that introduces new license violations that are
completely unnecessary and would have been prevented by a "make clean"
or a similar command.

Post by p***@shark1.sbrk.co.uk
appear to be similar to what I have on my router. I'll clean it up and make
it available somewhere.

Please make sure that you strip it of things that you are not allowed to
redistribute (proprietary components, etc.). You don't want to get into
trouble yourself.

armijn

--
------------------------------------------------------------------------
***@gpl-violations.org || http://www.gpl-violations.org/
------------------------------------------------------------------------

p***@shark1.sbrk.co.uk

2011-09-08 07:51:11 UTC

Permalink

Post by Armijn Hemel
Please make sure that you strip it of things that you are not allowed to
redistribute (proprietary components, etc.). You don't want to get into
trouble yourself.

I started doing that by retrieving the original packages and producing
diffs against them such that I'd end up with a minimal script to produce
the end results that Huawei sent me. However, it's evident that these
sources can't be used to recreate a firmware image.

hg553/userapps/opensource/ftpd/README:
bftpd documentation
written by Max-Wilhelm Bruker <***@gmx.net>
hg553/userapps/opensource/ftpd/COPYING:
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

$ diff -urN bftpd/main.c ftpd/main.c
...
-int main(int argc, char **argv)
+int bftp_main(int lPort)

This has been converted from standalone to a library and has been embedded
in the proprietary binary cfm:

$ strings ./hg553/targets/96358GWV/sstrip/bin/cfm|grep bftp_main
bftp_main

Could someone suggest the wording for me to request GPL compliance?

Paul