AW: Use of Debian Linux as basis of commercially dsitributed appliance box
Ian, thank you for taking the time to give us valuable advice.
We have already been in touch with our lawyer to check the circumstances of our actual application code, which also makes use of open-source software components, libraries, servers, etc. By now, I think it makes sense to also involve them explicitly regarding the Debian distribution. I just want to make sure that we're asking the right questions.
We understand that you give advice on a "good will basis" - and we appreciate that. We also understand that asking educated people on a mailing list is not a substitute for getting specialized legal counsel.
Thanks, once more.
Mit freundlichen Grüßen / Kind regards
Dairy Health and Farm Management
BU Dairy & Farm Equipment
GEA Farm Technologies GmbH
GEA Farm Technologies
Tel. +49 2383 937-298, Fax +49 2383 938-298
Von: Ian Jackson [mailto:firstname.lastname@example.org]
Gesendet: Montag, 28. Juli 2014 19:17
An: Renner, Clemens
Cc: email@example.com; Schiefer, Werner
Betreff: Re: Use of Debian Linux as basis of commercially dsitributed appliance box
Renner, Clemens writes ("Use of Debian Linux as basis of commercially dsitributed appliance box"):
> --- 8< ---
> We like Debian and want to use it as the underlying OS for building an appliance box for our customers (one of the keywords seems to be "vertical market").
> Do we need to take special care to comply with the Licenses involved in the standard Debian distribution, i.e. Kernel and "main" (as in "not contrib, non-free") packages?"
> --- >8 ---
There are a number of other concerns which might be relevant. Here is a non-exhaustive list:
You should make sure that you are able to know exactly which source code was used to make any specific binary, and identify that for the users, so that the users are able to download the actual corresponding source code for the binaries in the applicance.
You need to include your image build systems in the source code.
The above two principles mean that your builds should be automated and reproducible, not some kind of ad-hoc thing thrown together from the command line by your `build person'.
You should NOT take any measures to stop users from running modified versions of the software on these applicances. For example, cryptographic signatures checked by the bootloader which prevent the user from installing their own version.
You need to permit users to reverse-engineer the system.
If any of the above are problems for you, then you will need to avoid some or all of the software in Debian; we don't check the licence for suitability for activities which don't conform to these (and various
Also the exact scope of the applicability of these principles may depend on the particular licence of the package; some or all of the free software principles may apply to even some or all non-free parts of your system.
I think you should perhaps consult some laywers. I'm sure the Software Freedom Law Centre will be able to recommend someone.
Note that contributors to Debian (which includes me, and the others who have replied) do not intend to take responsibility for your use of the software; we check the licences for our own purposes and to serve our own principles. If your business it at stake we won't be held legally responsible for any mistakes or misunderstandings.