The pain of the GPL
07 August 2010For my job I am currently about to prototype an embedded product. Although my preference is for Linux (Slackware specifically) because that is what both myself and the company are familiar with, I have doubts about whether a (full) source release can be avoided (not my choice) without violating the GPL. This is because Linux itself is using stock binaries (so a source release would not actually contribute anything to the FOSS community), and the product being produced is not intended to be user-modified. Ultimately I concluded that the best thing was to avoid the GPL.
Clearly users need to be stopped from copying the business logic (i.e. the application program code that gives the product its life) onto third-party hardware, as allowing users to transplant the firmware would seriously undermine the company business model. My personal view is that as long as users are buying the hardware units and they are not transplanting this business logic (which can be hardware-locked separately anyway), then we don't care about them voiding their warranties with home-brew kernel upgrades. The company view is that users should not be able to mess around with device internals, and most likley the OS would be burned to read-only storage (this also makes it harder for sudden power outages to corrupt the device). Although this would amount to TiVoisation, this is permitted and hence is not an issue in itself.
With the GPL, if you make any modifications to the source code, you have to release the modified code. For stuff like kernel recompilations you would have to supply the build config. Since I was using off-the-shelf pre-compiled packages, there was no build repository for me to package up, and hence I could just point source requests at the distribution repository. I had doubts whether an embedded device could really be treated the same as a pre-installed PC, but releasing a package list (possibly packaged as a script that makes changes to a standard install) would be no major deal.
Problem: Being able to refer to upstream vendors is only permitted for non-commercial use. And even then, it is uncertain. In other words, we would also have to ship an entire source distribution, even though doing so does not actually contribute anything. And if we updated any packages we would have to build our own from source.
Leaving aside the shipping issues, the cost (in terms of my time) of constructing & testing a source release has to be compared to the cost of porting the business logic to a non-GPL OS. Given the circumstances switching to an OS such as FreeBSD is a cost-effective option as well as being a safe one.