> How does on really verify that the software published matches software installed?
https://gitian.org/
> The history of GPL enforcement shows that it is hard to get vendors > compliant even if there is an active litigator determined to get all the > source code
I'm sure it would get easier once that litigator happens to be the government/state.
> Now imagine trying to pry the sources from some small China shop where > there is no version control and firmware is produced by a guy in a corner > who has three directories on his PC with some pieces of firmware built > which he hacks on every time a new device is released.
With a law requiring opensource, this practice would at least become illegal.
> It's so much cheaper to dump _something_ then fold the shop and reopen > under different name.
Then we would be talking about how to improve law enforcement in these cases, but at least we need to make it illegal in the first place.
Re: How about open source?
https://gitian.org/
> The history of GPL enforcement shows that it is hard to get vendors
> compliant even if there is an active litigator determined to get all the
> source code
I'm sure it would get easier once that litigator happens to be the government/state.
> Now imagine trying to pry the sources from some small China shop where
> there is no version control and firmware is produced by a guy in a corner
> who has three directories on his PC with some pieces of firmware built
> which he hacks on every time a new device is released.
With a law requiring opensource, this practice would at least become illegal.
> It's so much cheaper to dump _something_ then fold the shop and reopen
> under different name.
Then we would be talking about how to improve law enforcement in these cases, but at least we need to make it illegal in the first place.