Ready to 
Netgear responds to open source concerns for WNR3500L router
Robert Hallock
October 10, 2009 12:49 AM ET in Tech
Yesterday we offered word that the open source community was up in arms regarding Netgear’s WNR3500L router. Netgear claimed that the product was open source, but the open source community alleged that the product might be illegal, in addition to being unsafe and unethical. We contacted Netgear to receive their perspective on the issue, and they wrote back to let us know that their Senior Product Line Manager Som Pal Choudhury has written a post which describes Netgear’s stance.
The open source community’s primary point of contention is that the WNR3500L is in violation of the GPL license. While the router’s kernel is open source, Netgear uses proprietary modules in the OEM firmware which hook into the kernel. This represents a GPL violation as anything that hooks into or modifies a GPL-licensed body of code must also have its source published, and this has not yet happened, says the OSS community. Choudhury disagrees, saying that he believes Netgear has complied with applicable GPL stipulations.
“With respect to the default firmware, we have used our best efforts to comply with and believe we have complied with the applicable GPL requirements,” he said. “Nevertheless, we understand that the open source community generally takes exception when factory loaded firmware written in Linux that is placed on routers or other hardware includes binary only kernel.”
“We always work diligently to review our GPL compliancy. As a consequence, we comply with the GPL requirements, and we strive to hold our partners and suppliers to the same standard. In that regard, we think NETGEAR’s goals and position are aligned to the Opensource community,” he continued.
The open source community also accused Netgear of fostering insecurity. By hamstringing the router’s Linux kernel with proprietary module attachments, the kernel can never be updated unless Netgear takes the time to update its modules as well. Choudhury suggests that this will be a passing issue, saying “As for use of Linux kernel 2.6 on WNR3500L drivers, we are already working on it. Please stay tuned for more updates in the next few months.”
Likewise, Choudhury claimed that the binary modules are a result of regular users who have to use the router “as-is.” These customers don’t have time to tinker with firmware or tweaking, and they expect the router to simply work. The binary modules make life simple for those types of users.
He also said that the company is working on providing hardware block diagrams, more source code, and hardware details to more effectively write firmware.
Despite these positions, the OSS community may still have a valid point. The GNU GPL page dedicated to identifying and submitting GPL violations lists the following:
Is the available source code complete, or is it designed for linking in other non-free modules?
OSSers claim that the WNR3500L source code is not complete with respect to this stipulation. The OEM firmware’s code is designed to link binary (non-free/proprietary) modules.
To summarize: The open source community is complaining about the condition of the router as it ships from the factory. The dispute is not over whether the hardware can accept open third-party firmware (it can), but rather that proprietary code is used out of the box. The OSSers say that it violates the spirit of a GPL product which should be open end-to-end, not just after someone tinkers with it to make it open.
If this sort of (alleged) GPL violation doesn’t perturb you, then the WNR3500L is still a perfectly capable router which runs any of the popular firmwares which have kept you anchored to your WRT54G for the last five years.
RSS