Dear "Mangelschots, Jef",
In message 226BC4AFA29FC24789DFD00DFF3084C250D369040B@SAFEMAIL.safetran.railad.com you wrote:
We are getting confused when reading the GPL and interpreting how it applies to our situation.
You may want to read "A Practical Guide to GPL Compliance", see http://www.softwarefreedom.org/resources/2008/compliance-guide.html
We are adding features (not changing existing ones) to U-boot particular to our in-house developed system which we sell as a product to our customers. These changes involve adding a menu command for common tasks particular to our product and adding an in-house developed protocol for transferring files over a proprietary bus. We do not see these changes as being useful to the general U-boot community. We do have some concerns about security and opening our
What makes you think they would not be useful? Others might get inspired by your menu system and adjust / extend it for their purposes. U-Boot's origin is from a port to some board thatis of no use to you - and still you benefit from a lot of code you can re-use.
product (which is safety-critical) for malicious hacking by exposing the modifications.
Security by obscurity has never worked, and never will work.
Eventually a peer review from the experts in the community might even help to improve the security of your system (and I mean the real one, not the one you think you have).
But this is your decision, of course.
This modified U-boot will be deployed on our products. It will not make sense to use on any other platforms.
This is your opinion. Other people my think differently.
Our question is: Do we need to submit our changes to the U-boot maintainers for inclusion in the mainline distribution code ?
As Mike already pointed out: no.
We understand the philosophy of GPL to give our customers the source code so they have the ability to inspect, modify and outsource And customization without being dependent on us.
In that light we have no problem in either providing our customers with the full source code upon their request OR simply load the full source code in the file system of the box it is shipped with. So if a customer wants the code, they can load it of the box they bought from us.
Out-of-tree ports have two distinct properties: 1) they are obsolete from day 1 after their release (and often long before that), and 2) they are a never ending maintenance effort. In our experience the most efficient way to optimize product quality while minimizing long-term maintenance efforts is to push all changes into mainline as soon as possible. You get free code reviews from the best experts in the field, the community is maintaining your code for you, and there is free help for you and your customers from the community.
See what's happening with all the out-of-tree ports - people come here asking for help for really ancient versions, and we cannot help even if we want because we don't know the code...
It's your choice.
Best regards,
Wolfgang Denk