[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?

The answer to the question in the subject is simple: NO.

This is a matter of copyright law.  If we do not have permission to 
distribute, it is illegal to distribute.  GPL grants permission to 
distribute *only* if we distribute source.  So, GPLed sourceless == NO 

I will list the usual caveats so that nobody else brings them up.

(1) Obviously if we have an alternate license (dual-licensing) which doesn't 
require source we can use that license.
(2) If the material is so trivial it is uncopyrightable we can obviously 
distribute it.  (The classic example is CRC tables, which contain no 
creative content beyond the CRC polynomial which is generally public 
domain.)  Likewise if it was published prior to 1988 in the US without
copyright notices, or is in the public domain for some other reason.
(3) If the copyright holder for the firmware donated the firmware to Linux
with the understanding that it would be redistributed by Debian and other 
distributors, this may constitute an implicit license to distribute.  This 
would be a case of dual-licensing, but an unpleasant one because we'd be
relying on an *implied* license.  This requires tracing down the donation of
the material to the Linux kernel and ascertaining the state of mind of the
donor (perhaps by reading press releases).  This clearly applies only to 
some of the firmware; other pieces have no such 'paper trail'.  Also, this
implicit license *does not* include a license to modify, because I've never 
seen any indication that any firmware donor intended that their
firmware be modified.
(4) If the hex lumps really are the preferred form for modification, then
we have the source and this is not a case of 'sourceless firmware'.  I have
not yet seen a case where there is any evidence that this is true.  It is,
however, theoretically possible.  If the firmware author came forward and 
said "Yes, that's the form in which we modify the firmware", this would be 
the case.

Sven Luther wrote:

> Hi debian-legal, ...
> It seems the firmware kernel issue has reached a deadpoint, as there is
> some widely different interpretation of the meaning of the GPL over
> sourceless code.
> For some background, the kernel/firmware wiki page includes both a
> proposed GR, the draft position statement by the kernel team, as well as
> an analysis of how we stand :
> http://wiki.debian.org/KernelFirmwareLicensing.
> But this is beside the point. The real problem is that there are a certain
> amount of firmware in the kernel, embedded in the drivers, which have no
> license notice whatsoever, and as thus fall implicitly under the common
> GPL license of the linux kernel. The audit from Larry lists some 40+ such
> firmware blobs.

Actually, I have to split this into two categories:
* hex lumps explicitly licensed under the GPL by the copyright holder
  (e100 for instance)
* hex lumps with no license notice
  - these may be implicitly under the common GPL license for the kernel
  - but they may also be present inappropriately, with stripped copyright
    notices and no license at all, if they were inserted into the kernel
    by someone other than the copyright holder.  This has happened at least
    once already.

> There is some claims that some of those blobs represent just register
> dumps, but even then one could argue that the hex blobs doesn't in any way
> represent the prefered form of modification, but rather some kind of
> register name/number and value pair.
(Well, perhaps the registers are numbered "0,1,2,3,4,5..."
and the values are listed in that order....)

> So, the RMs are making claims that those sourceless GPLed drivers don't
> cause any kind of distribution problem,

This is a case of the RMs not thinking clearly, perhaps.

> while i strongly believe that the 
> GPL clause saying that all the distribution rights under the GPL are lost
> if you cannot abide by all points, including the requirement for sources.


> Since i am seen as not trusthy to analyze such problems, i think to
> deblock this situation, it would be best to have a statement from
> debian-legal to back those claims (or to claim i am wrong in the above).
> Friendly,
> Sven Luther

Nathanael Nerode  <neroden@fastmail.fm>

Bush admitted to violating FISA and said he was proud of it.
So why isn't he in prison yet?...

Reply to: