Netgear router not open source, says coder

Netgear router not open source, says coder

Summary: A router and platform designed for small businesses and marketed as open source break the terms of the GPL, according to developer Harald Welte

SHARE:

Networking company Netgear has been accused of breaking open-source licensing conditions, by shipping a Linux-based router without source code.

The claims were made in a blog post on Wednesday by Harald Welte, Linux watchdog and developer.

Welte told ZDNet UK that the Netgear WNR3500L router, designed for small businesses and consumers, ships with kernel modules which are binary-only. This may break the terms of the GNU Public Licence (GPL), as the GPL does not allow open-source applications to link to binary-only kernel modules, according to Welte.

"Linking of non-GPL code with GPL code (such as in the case of a binary-only kernel module) is not what the GPL intends to achieve," wrote Welte in an email interview. "The GPL is meant to ensure that all derivative works of a GPL licensed program are also covered by GPL."

The issue lies in the way that the kernel module and applications perform dynamic linking, Welte told ZDNet UK in a phone interview. Legally, the two parts of the program link, and in the end form one program, said Welte.

The coder, who runs GPL-violations.org, said there were also security issues with binary-only kernel modules. As consequent iterations of the Linux kernel do not support previous iterations, proprietary modules potentially contain security holes, said Welte.

"The Linux kernel developers and the development process do not support binary-only kernel modules," said the developer. "Thus, if you compile a kernel module for eg 2.4.24, this module will not work for 2.4.25 or any other kernel version.

"In fact, even if you chose to use different optimisation flags or use a slightly different compiler version, the module will not work anymore."

Welte added that by shipping binary-only kernel modules, Netgear could have opened itself to copyright claims by Linux kernel authors, as it was legally unclear whether modules combining with applications form derivative or collective works.

Netgear told ZDNet UK on Wednesday that it made sure it followed open-source practices, and that it would investigate Welte's claims.

"I need to get back to my team to look into this," said Vivek Pathela, Netgear's general manager of home consumer products. "We are confident we follow open-source practices... We have no intention of violating [open source] business practices."

Pathela said Netgear would try and contact Welte about this, and would be happy for him to contact them. .

"We definitely want to abide by the rules, and we want to make our platform and practices as open as possible," Pathela added.

Topics: Apps, Software Development

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion