Re: more evil firmwares found
<posted & mailed>
I'm mailing Evan and redirecting to -legal, where this sort of detail
Evan Prodromou wrote:
>>>>>> "AT" == Anthony Towns <email@example.com> writes:
> Me> We wouldn't just take stuff out based on the
> Me> _assumption_ that there's a better source format, without
> Me> contacting upstream?
> AT> Yes, of course we would.
> Well, I think that's a mistake. At the very least, we should contact
> the firmware developers telling them why the stuff's coming out of
> Debian, and what they can do to get it back in.
Basically, they need to provide source code, or explain "Yes, we really
write in uncommented hex, doesn't everyone?". :-)
Of course, if they don't want to provide source code, they are within their
rights to simply provide the firmware binaries under a license which
doesn't require source (but does allow unlimited redistribution and at
least limited modification), and Debian will put it in the 'non-free'
archive, which is not part of Debian, but is at least easily accessible to
Given that the ATI firmware is distributed without an explicit license from
ATI, and the Broadcom firmware is distributed under the "GPL" without
source (which doesn't form a valid license), having definitely safe
licenses to distribute in 'non-free' would actually be a major
*improvement*. :-P Currently Debian's right to distribute these pieces
firmware is iffy, and I would really like to get it cleared up.
> I'd be very willing to help with this. If somebody has a list of
> firmware files that are getting pulled, I'd send emails or whatever.
Thank you! *That* is certainly worthwhile! I don't do that sort of thing
because I have no diplomatic skills and would probably not help. :-)
* ATI firmware: present in drivers/char/drm/radeon_cp.c and r128_cce.c
- blobs are labeled "from ATI" and appear to have been put in by the
original developers at Precision Insight (which was under contract from
ATI). Given the labelling, I'm pretty sure these are not really subject to
the copyright of the rest of the file, but given that Precision Insight was
under contract, they probably had some kind of permission to use it. You
will almost certainly need to contact ATI. The driver authors might be a
good intermediary as they might know who to contact.
- Copyright statement on driver:
* Copyright 2000 Precision Insight, Inc., Cedar Park, Texas.
* Copyright 2000 VA Linux Systems, Inc., Fremont, California.
(Precision Insight merged into VA Linux.)
- Author statement:
* Kevin E. Martin <firstname.lastname@example.org>
* Gareth Hughes <email@example.com>
- Driver is under BSD-style license. This would render the firmware legal
to distribute, except that I'm pretty sure the copyright statement is
* TG3 firmware: present in drivers/nettg3.c
- This appears to be from the original Broadcom (BCM5700) driver. It is
supposedly released under the GPL, but with no source code (which the GPL
requires), there probably isn't really a valid license for this at
all. :-P (Although 'promissory estoppel' probably makes it
- The copyright notice on the Linux 2.6 driver only mentions the driver
authors, which is almost certainly a lie (and a copyright violation):
* Copyright (C) 2001, 2002, 2003 David S. Miller (firstname.lastname@example.org)
* Copyright (C) 2001, 2002, 2003 Jeff Garzik (email@example.com)
- The original Broadcom driver is available from Broadcom's website. In
that, the firmware is in three files: 5701rls.h, fw_lso05.h, fw_stkoffld.h
- All three files contain this copyright notice:
/* Broadcom BCM5700 Linux Network Driver, Copyright (c) 2000 - 2003 Broadcom
/* All rights reserved.
/* This program is free software; you can redistribute it and/or modify
/* it under the terms of the GNU General Public License as published by
/* the Free Software Foundation, located in the file LICENSE.
- fw_lso05.h and fw_stkoffld.h additionally contain this statement of
/* Author : Kevin Tran
I'll look at others as I get to them. These were bad enough already. :-P
There are none so blind as those who will not see.