In association with heise online

01 February 2012, 11:30

Controversy around Busybox alternative

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

FOSS icon A proposal to create a non-GPL licensed, open source alternative to the Busybox program has sparked controversy. An allegation was made by Matthew Garrett that the replacement's development is designed to enable GPL violations.

Garrett says that it would do this by allowing embedded systems builders to replace the one piece of software that has been repeatedly and successfully used in court by the Software Freedom Conservancy (SFC) against companies who have not published or made available the source code of GPL software they have used. Garrett claimed that "You'll be able to violate licenses with impunity" if a company ships the alternative to Busybox, because no kernel copyright holders have "offered to allow the SFC to enforce their copyrights".

Busybox is widely used in embedded devices because it reduces I/O, disk and memory usage by "compressing" many small Unix commands into one. A single binary contains the code for numerous Unix/Linux commands and that binary is then symbolically linked in the filesystem to the names of the various different commands. When run, Busybox uses the filename it was run with to decide which command's code to execute. Busybox is licensed under the GPL version 2.

The proposal by Sony's Tim Bird explicitly says that one of the reasons for creating a non-GPL version is to avoid the possibility of litigation by the SFC. The SFC, with the help of the Software Freedom Law Center, has in the past filed many cases of GPL violation based around Busybox copyrights and seen success with these cases in the court room.

Bird criticises the SFC's actions because "as part of their request to remedy a busybox GPL violation, the SFC does ask for source code unrelated to busybox". This process, according to Bruce Perens, at least in the case of Best Buy, involves companies who settle with the SFC having to pay the SFC $5,000 per new free software containing product to have it audited for compliance for three years after a settlement.

Bird is working with Rob Landley, a former Busybox maintainer who was one of the original copyright holders and a plaintiff in a number of the Busybox cases. Landley has been working, "on and off", on a Busybox replacement, Toybox, since 2006, and in November 2011 Bird contacted Landley. Bird was battling Google's Android requirement of "no GPL in userspace" and needed a more powerful app than Android's Apache Licensed "Busybox-lite" Toolbox.

Landley changed the Toybox licence to a 2 clause BSD licence that month. Landley had become disillusioned over time with Busybox being used as a proxy for getting wider access to the code as it did not benefit the Busybox code base, remarking that "a dozen lawsuits later I'm still unaware of a SINGLE LINE OF CODE added to the Busybox repository". Landley, in comments, points out that he is not paid by Sony to work on Toybox and that he has been developing it because he believes its infrastructure is better than Busybox.

Bird also notes that "It is NOT the goal of this to help people violate the GPL, but rather to decrease the risk of some nuclear outcome, should a mistake be made somewhere in the supply chain for a product" and points to Sony's good track record of GPL compliance such as the Sony Source Code download site.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit