GPL and closed source custom ROMs - General Topics

Hi,
I have done some search around the topic and did not find much. I would like to have your opinion on this:
Let's say that there are some ROM developer who took an open source ROM code and installed Bluz bluetooth stack that is under GPL. then released the ROM as closed source. Is this legal ? can you take some open source stuff and closed source them then distribute the binaries?
Another issue that I am wondering about, is why ROM developers never release the source code of their ROM, so others can build on top of their work? for example many TV boxes and dev boards have closed source custom ROMs. If they are giving it out for free, and they are not really after money, why not open source the thing. They usually get busy cooking a ROM for another device and they do not really care about the older one, so why not release the source code, and let others continue their work.

I want to start by saying, that if you find any closed-source ROMs that also don't release the kernel source, then it's a problem, and you should report the thread if it's on XDA. Otherwise, read on.
Now, let's take a look at how Android is licensed. The Android OS itself is licensed under the Apache Open Source License. The Apache License allows people to use, modify and redistribute the licensed code as they see fit as long as they include the Apache License in what they modified. Apache also allows someone to take open source work and make it closed source after modification, if they want. Apache is a pretty flexible license.
The confusion comes in when including the kernel. Since Android uses a modified Linux kernel, which is licensed under GPL, its kernel is also required to be licensed under GPL. That means anyone who makes an Android kernel, unless they build one from scratch, has to release the source, and under the GPL license. Manufacturers, such as LG, Samsung and Huawei, opt not to release the source for their AOSP derivative, but they're required to release their kernels (that's why you'll see the opensource.whateverOEM.com pages).
As for hobbyist developers, well, it's up to them whether or not to release their ROM source, as long as they publish their kernel source. No one can really explain why a developer would do this, except that developer. It can be annoying, especially once that ROM is abandoned, but it's in a developer's right to withhold the ROM source.
Now, for your bluez example. I don't believe it's illegal to package in GPL projects into a closed source project, given two things: that GPL project should be mention (if the closed project is a ROM) in the About>>Legal section of Settings, with a link and the license for it; and that GPL project must not be modified from the original source. If it is modified, the developer is required to release just the GPL portion. Everything else can say closed source. So no, you can't take a GPL project, modify it, and then redistribute the modified version without releasing the source. However, if it isn't modified, a link and license should be all that's needed. Neither situation requires releasing every part of the project.

Thank you for comprehensive answer. One small thing to clarify. So if Bluez and Kernel are both GPL projects, how come it is enough to have a link for the Bluez project while for the Kernel there must be a source code release? is it because it is almost always that the dev needs to modify the Kernel for their use? and once modified the code needs to be open?
Related to the topic, is how Google dealt with BlueZ.
The story of Android’s Bluetooth support is long. Android originally used the open source BlueZ stack that is common in Linux. But Google removed the bluez stack that was originally in Android because of its GPL license. Instead it decided to develop its own BlueDroid Bluetooth stack with Broadcom.
The GPL license that came with BlueZ caused all kinds of problems. GPL licensed code forces other code using it to be released under the GPL license as well. In order for Google to keep their own license for their code and avoid GPL, it had to isolate BlueZ with another process and D-BUS. This form of communication is one of the commonly accepted exceptions that allows non-GPL code to use GPL code without issues.
But the workarounds didn’t work out so well in practice. They caused a lot of overhead and extra code that wasn’t otherwise needed, which ultimately led Google to drop it. It begain developing Bluedroid when it was offered by Broadcom.
In practice this meant that starting from Android 4.2 when BlueZ was dropped, a brand new and unproven stack was used in Android Smartphones, with all the issues that come with it.
Click to expand...
Click to collapse
http://www.argenox.com/blog/android-5-0-lollipop-brings-ble-improvements/

kokonuts86 said:
Thank you for comprehensive answer. One small thing to clarify. So if Bluez and Kernel are both GPL projects, how come it is enough to have a link for the Bluez project while for the Kernel there must be a source code release? is it because it is almost always that the dev needs to modify the Kernel for their use? and once modified the code needs to be open?
Related to the topic, is how Google dealt with BlueZ.
http://www.argenox.com/blog/android-5-0-lollipop-brings-ble-improvements/
Click to expand...
Click to collapse
If the kernel hasn't been modified, only the original source needs to be available. But with Android, you usually need to make modifications.

Related

TaintDroid source code released

Hi everyone,
I apologize if if this is not the appropriate place to post this info, but I thought it would be of interest to some people here. You may have seen stories in the news recently about the privacy-monitoring extension for Android called TaintDroid that was developed by researchers at Penn State, Intel Labs, and Duke University. An excellent summary can be found on Ars Technica.
The reason I'm posting to this forum is that we are proud to have made our source code available last night. If you want to play around with the code, you can find it at the TaintDroid website (search "taintdroid appanalysis"). Along with links to the source code, you will find instructions for getting the code up and running on a Nexus One. We have also set up a Google Group for users who want to discuss anything related to the project.
Our only caveats are that we are merely researchers so 1) you use the code at your own risk, and 2) we do not have the resources to offer proper support. We hope that by releasing the code to the public a self-sustaining community of interested users will form.
We hope that you find our code interesting and useful. Happy hacking!
-landon
Thanks for releasing the code. Look forward to using it on an incredible rom soon.
http://appanalysis.org/tdro1d.html
I'm assuming that's the link. Couple of questions.
1.I see it's on 2.1 rom, does it work with 2.2? Especially as it uses the 2.6.32 kernel.
2.Since the Desire is basically a Nexus One with sense, has it been tested on that platform or with sense?
Thanks for releasing the source and instructions!
This is what Android needs, as Google is not taking good care of the privacy of it's users.
It's impossible to install apps now, because most of them want really wide rights, but you have no idea what they do with those rights.
TaintDroid at least gives a possibility to peek into what is being leaked.
Soon some of the app makers will start to encrypt their calls to try and and mask what they are leaking. If/when this happens, it should be a warning sign to users about that particular app.

Opinions about open source

Hi,
I am accustomed to the habits of the Linux community. There, if you have created an app, the first thing you do is to provide a g'zipped archive file containing all source code, a README file, and a manual. Then you announce it in forums, get response and comments about your code. Everybody happy.
In the Android (and possibly other xda) communities the source code seems to be "top secret". There are many free apps but very few open source projects. Why is this? Why has every developer to reinvent the wheel?
As you might guess, I created an open source project. This is an audio app for Android tablets, it's a software instrument, and I was unable to announce it here because I have less then 10 posts. Please google for "One-Hand-Synth".
wboe

IMPORTANT: XDA-Developers and the GPL

Everyone working with GPLed code, in our case the Linux kernel which is under the GPLv2, needs to understand how the licence affects them, and the work they put out on XDA developers, to aid understanding a good write up of this issues has gone up on the portal, you can read it here;
XDA-Developers and the GPL
GPL compliance is taken very seriously on XDA, but at the same time I remind people to report anything via the proper channels rather than confronting anyone in public, which always does more harm than good.
A note to ROM developers:
Using a non GPL compliant kernel makes your ROM non compliant and subject to removal.
If you are using another developers kernel, linking to that kernels thread will make you GPL compliant (assuming that the kernel in question is compliant)
Originally written by Veyka
Since we got reports about ROM threads missing the kernel sources I'd like to ask ALL ROM Chefs and Kernel Hackers to review their threads and introduce the change accordingly.
When you use the kernel of a certain project (AOSP, AOKP, CM, ParanoidAndroid, PACMAN, ...) you have to provide a link to the GitHub repository of the project where the kernel sources you used can be found. In case you introduced changes to the kernel source, you are required to published them as well. Giving proper credits is also expected (to the project from where you took the kernel and to the developer/s of each modification you may have used (i.e. CPU Governors)).
When you created your "own" kernel (i.e. backported from one of the projects mentioned above) you have to provide the kernel sources plus all modifications you introduced to it. Again, giving proper credits to the project from where you took the kernel source and crediting the developer/s of the modification/s you may have used is expected.
Threads failing to comply with this rule will be closed and the OP be asked to comply or have the thread perma locked for failing to comply with the terms of the GNU General Public License.
In short: You do not have to publish the sources of your ROM (NOT applicable to Recognized Developers - you have to provide buildable sources of the ROM as well) if you don't intend to (though we rather see you being a valuable part of the OpenSource community by sharing your sources), however, you HAVE to publish, or link-back, to the kernel source!
This is not up for discussion.

IMPORTANT: XDA-Developers and the GPL

Everyone working with GPLed code, in our case the Linux kernel which is under the GPLv2, needs to understand how the licence affects them, and the work they put out on XDA developers, to aid understanding a good write up of this issues has gone up on the portal, you can read it here;
XDA-Developers and the GPL
GPL compliance is taken very seriously on XDA, but at the same time I remind people to report anything via the proper channels rather than confronting anyone in public, which always does more harm than good.
A note to ROM developers:
Using a non GPL compliant kernel makes your ROM non compliant and subject to removal.
If you are using another developers kernel, linking to that kernels thread will make you GPL compliant (assuming that the kernel in question is compliant)
Originally written by Veyka
Since we got reports about ROM threads missing the kernel sources I'd like to ask ALL ROM Chefs and Kernel Hackers to review their threads and introduce the change accordingly.
When you use the kernel of a certain project (AOSP, AOKP, CM, ParanoidAndroid, PACMAN, ...) you have to provide a link to the GitHub repository of the project where the kernel sources you used can be found. In case you introduced changes to the kernel source, you are required to published them as well. Giving proper credits is also expected (to the project from where you took the kernel and to the developer/s of each modification you may have used (i.e. CPU Governors)).
When you created your "own" kernel (i.e. backported from one of the projects mentioned above) you have to provide the kernel sources plus all modifications you introduced to it. Again, giving proper credits to the project from where you took the kernel source and crediting the developer/s of the modification/s you may have used is expected.
Threads failing to comply with this rule will be closed and the OP be asked to comply or have the thread perma locked for failing to comply with the terms of the GNU General Public License.
In short: You do not have to publish the sources of your ROM (NOT applicable to Recognized Developers - you have to provide buildable sources of the ROM as well) if you don't intend to (though we rather see you being a valuable part of the OpenSource community by sharing your sources), however, you HAVE to publish, or link-back, to the kernel source!
This is not up for discussion.

XDA-Developers and the GPL

Dear Developers
I'm sure you already heard about the GPL around the forums. In case you did not, the GPL ("GNU General Public License") is the most common license that affects many projects, like the Linux Kernel (the Linux Kernel is licensed under the GPLv2). This affects us, XDA and its members, as we are often working with the Linux Kernel (every Android platform runs on top of the Linux Kernel).
You may ask yourself now "Well, that's nice, but how does this affect me and what does the GPL do?" The answer is pretty simple actually: The GPL guarantees users to examine, modify and share their and others code by enforcing open-sourceness. This means you are free to use any GPL'ed sourcecode for your project, but you must make your used code publically available again.
Now, as many advantages this has, it also means quite some work for us developers. All used sources must be completely public by the time the compiled binary (like a Kernel) goes online. Another requirement is, that the OP must include all information to compile the exact same binary as uploaded by the developer. This means you need to specify:
The used toolchain including its version (linking to your toolchain source is always a good idea)
The used defconfig
The link to your sourcecode (including the used branch, tags,...)
If used, also upload your scripts used for the compilation
If you upload a kernel, publish the source, but the source is not compilable, it means you are breaking the GPL as you did not release the used source. Breaking the GPL actually means breaking the law, which means the sanctions on XDA could possibly be the least of your problems...
@ROM devs, using a precompiled kernel
As you are not compiling the kernel yourself, you do not have to give the above information. However, you have to link to the source of your kernel binary (for example: link to the OP of the used kernel). If you use the stock kernel, you must state this. Linking to the stock sources is not a requirement, but it is not the worst idea.
Keep in mind; if the kernel used is not GPL compliant, your ROM is not GPL compliant either. This may cause your thread to be closed and/or further action on your account may be taken.
Example:
GPL:
The kernel included in this ROM is located HERE. I have not altered anything.
Click to expand...
Click to collapse
If you need/want further information, you might want to take a look at THIS news article written by our Developer Admin pulser_g2

Categories

Resources