Symantec suspects the violation of Linux GPL license in the Norton core router
According to ZDNet reports, Matthew Garrett, a Linux security engineer, discovered Linux code in Symantec’s Norton core router, and Linux used the GPL license. It requires that projects using Linux source code require open source. But obviously, the router did not do this. This means that Symantec violated Linux’s GPL license.
By Open Source Initiative official SVG (Simon Phipps, former president of OSI) [CC BY 2.5], via Wikimedia Commons
For many years, embedded device manufacturers have been illegally using Linux. Typically, they use Linux without releasing the source code of their device, and Linux’s GNU General Public License, Version 2 (GPLv2) requires that the program using Linux source code be open sourced.
When Google engineer and Linux security expert Matthew Garrett dipped into his new Norton core router, he discovered that this high-end Wi-Fi router system appeared to be based on the Linux distribution of the QCA Software Development Kit (QSDK) project. This is a GPLv2 licensed open source platform built on Linux’s OpenWrt Wi-Fi router operating system. OpenWrt is not read-only but has a fully writable filesystem and package management, which allows Symantec to easily customize its routers with newer security features.
But if it is indeed based on QSDK and OpenWrt, Symantec needs to share the Norton core router’s code with the world. Garrett sent tweets directly to the Norton official: “Hi @NortonOnline the Norton Core is clearly running Linux and the license requires you to distribute the kernel source code so where can I get it?”
Hi @NortonOnline the Norton Core is clearly running Linux and the license requires you to distribute the kernel source code so where can I get it?
— Matthew Garrett (@mjg59@nondeterministic.computer) (@mjg59) April 4, 2018
The fact is, according to the Norton Core License, “The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering” This means that it does not publish the source code of the router.
In response to this incident, the Symantec representative said: “Symantec is fully committed to complying with its license obligations in connection with use of open source components in its products. We take these claims seriously and are looking into the matter.”
Source: ZDNet
