How does on really verify that the software published matches software installed? The history of GPL enforcement shows that it is hard to get vendors compliant even if there is an active litigator determined to get all the source code.
Now imagine trying to pry the sources from some small China shop where there is no version control and firmware is produced by a guy in a corner who has three directories on his PC with some pieces of firmware built which he hacks on every time a new device is released. It's so much cheaper to dump _something_ then fold the shop and reopen under different name.
Re: How about open source?
Now imagine trying to pry the sources from some small China shop where there is no version control and firmware is produced by a guy in a corner who has three directories on his PC with some pieces of firmware built which he hacks on every time a new device is released. It's so much cheaper to dump _something_ then fold the shop and reopen under different name.