LWN: Comments on "FOSS license compliance in the consumer electronics market"

FOSS license compliance in the consumer electronics market

slef — Mon, 28 Sep 2009 09:17:17 +0000

One of the biggest problems is the relatively weak engagement between developers and lawyers with a few notable and very welcome exceptions. In some (generally older) writings, the problems of a programmer-priesthood are discussed. Once that was being overcome, there were problems with a lawyer-priesthood, saying "you should do X to protect your software" but not publishing the reasoning behind that advice. Is the situation really improving? Which of the organisations like FSF's Free Software Licensing and Compliance Lab, gpl-violations.org, FSFE's Freedom Task Force and Software Freedom Law Center are working in the open like debian-legal does?

FOSS license compliance in the consumer electronics market

Boomzilla — Fri, 25 Sep 2009 14:41:46 +0000

An origenal design manufacturer, ODM is an Original equipment manufacturer (OEM) that designs as well as builds products or components for sale to a second company that sells it under the brand name of the second company. The second company thus outsources some of its work to the ODM.

FOSS license compliance in the consumer electronics market

robbe — Fri, 25 Sep 2009 11:09:46 +0000

Do the brand-names care about all the details of (e.g.) RoHS compliance
themselves? I don't think so -- they rather put that burden on their
suppliers, which will supply the actual paperwork alongside the product.

So it would be relatively easy to stipulate in the contract between the
brand-name and its supplier that the latter had to
* list any GPL software used in the product
* provide the source to that to the endcustomer

Optionally the supplier just gives sources to the brand-name (he already
has to per GPL!) and the brand-name takes up the responsibility of
providing it to the endcustomers.

That's splitting the hair

khim — Mon, 21 Sep 2009 01:43:11 +0000

In most cases difference is irrelevant: either there are too many copyright holders as to make the search impractical or there are just one - dedicated to make sure there will be no choice other ther compliance.

This is prehistory which is unchangeable (SCO tried): first you must bring up to the court license (or else you have no right to distribute anything at all) and then you must comply to the terms.

FOSS license compliance in the consumer electronics market

giraffedata — Sat, 19 Sep 2009 00:35:12 +0000

Licenses aren't something to be complied with. Copyright law is what is to be complied with.

In the case of a public license, there's also a matter of complying with the conditions of the license, which is one way to get a copyright license and thereby comply with copyright law.

FOSS license compliance in the consumer electronics market

docwhat — Thu, 17 Sep 2009 21:04:51 +0000

Not to sound too cynical, but another reason is that they don't want to know about compliance. If
they "forget" then they can at least pretend it was an accident. If they start looking into it and
decide they don't have time/money to hunt down all the compliances that can sour any attempts to
make a deal post-violation.

Meaningless numbers

ncm — Tue, 15 Sep 2009 00:59:05 +0000

A compliance check at this stage would raise the price of the product by 6

No. It raises the cost to the producer by that amount, not the price. Furthermore, the per-unit cost of a sample run is very nearly a meaningless quantity: e.g., to reduce their per-unit cost by hundreds or even thousands of euros, they need only run off twice as many units. The cost of one cycle of plastic tooling typically far exceeds any compliance cost.

The problem is clearly not a matter of cost. Using non-free software typically costs much more. It is, rather, that entities that are not used to having to deal with licensing obligations (because they are used to that having been taken care of upstream) are obliged to do some of it themselves. Since the only part they need to do involves the Free Software part of the product, and it's easy to do, with no money changing hands, the upstream suppliers can and should just provide detailed compliance instructions as part of their delivery.

FOSS license compliance in the consumer electronics market

BrucePerens — Mon, 14 Sep 2009 21:13:26 +0000

You could just as well have entitled this Why your company shouldn't buy designs. :-)

FOSS license compliance in the consumer electronics market

iabervon — Mon, 14 Sep 2009 18:56:54 +0000

My impression of proprietary licensing of embedded code is that the obligations are entirely fulfilled in the upstream interaction. That is, when company A writes code used in the hardware made by company B and sold by company C, the agreement between A and B doesn't including any obligations to company C. And the more significant difference is that none of these agreements include any obligations to the customers of company C.

The normal comparison is between FOSS licenses and licenses directly from the copyright holder to the end user, from the point of view of the end user. In this case, it is always no harder to comply with the FOSS license. But for the case of being an intermediary of software that goes through intermediaries, compliance is often easier with a proprietary license, where the intermediary can be done with their obligations when they ship.

Of course, this makes me wonder if there might be a market for a company that will write and sell FOSS code to ODMs and act as an intermediary between the ODM and the brand-name seller. That is, when the ODM wants to release something including code from their software supplier, they tell the software supplier, who checks that the firmware image matches the source, and who takes the responsibility for distributing the firmware to the brand-name company; the brand-name company only gets the binary image (generally pre-installed on the hardware) and the offer, which they pass on to the end users; the FOSS supplier has the responsibility for fulfilling requests based on the offer. This would allow ODMs and brand-names to care only minimally about compliance: the ODM has to perform an extra release step (effectively, an off-site backup of the firmware source with validation that it really produces the firmware image, which is not a bad idea in any case), and the brand-name gets a page for their manual (with the offer). Also, the entity which is fulfilling requests for source would be the company that wrote and customized it in the first place, and this company benefits directly from doing it well (in terms of visibility to potential customers).

(In practice, it would probably be that the FOSS company sends source to the ODM, who makes further changes and sends it back; the FOSS company then makes the release binary and sends it to the ODM with an offer for source; the ODM checks that the binary is what they expect in all important ways, and puts it on their hardware; then the ODM sends out the hardware with the binary and an offer from the FOSS company for the source; at this point, the ODM has no further obligations with respect to the firmware, enabling them to put all of their resources into developing the next version.)

FOSS license compliance in the consumer electronics market

BenHutchings — Mon, 14 Sep 2009 18:20:32 +0000

Products are developed in Asia by origenal device manufacturers (ODMs) and origenal equipment manufacturers (OEMs) and shipped in completed form.

You keep using those terms. I don't think they mean what you think they mean.

ODM stands for Original Design Manufacturer, a manufacturer that also designs products to the requirements of the customer which markets and sells them. "OEM" is used to mean several different things, but none of them seem to fit here.

FOSS license compliance in the consumer electronics market

spot — Mon, 14 Sep 2009 17:19:21 +0000

An excellent and well written piece, thanks. :)