I think that a lot of companies stepped back from the GPL when GPLv3 was announced, because it puts some pretty severe restrictions on how you can productize.
The tl;dr is that for any GPLv3 software that you ship, you have to also give your users a way to install a modified copy. If you're trying to ship a secured product, that basically means that you have to give code/rootfs signing keys to your customers. This is a non-starter for many kinds of products that need tamper protection (whether for product, legal, or safety reasons).
The Linux kernel remains on GPLv2, and is still used quite heavily. Most GNU software (coreutils, gcc, etc) moved to GPLv3 and then commercial companies abandoned them in favor of permissively-licensed replacements.
> If you're trying to ship a secured product, that basically means that you have to give code/rootfs signing keys to your customers. This is a non-starter for many kinds of products that need tamper protection (whether for product, legal, or safety reasons).
Fuck that. If it's my device then I want to have control. If I want to violate part 15 of the FCC rules then I'm going to do it and nobody is going to stop me. This paternalistic rubbish has to stop, I'm sure your company would love to retain ultimate control of the thing you've sold me, but that's not compatible with a free society.
"remote"? No. I want my driver-assistance ECU to be air-gapped but fully reprogrammable locally. After all, even with a totally tivoized ECU, a physically present attacker could still make my car kill me by cutting my brake lines.
The tl;dr is that for any GPLv3 software that you ship, you have to also give your users a way to install a modified copy. If you're trying to ship a secured product, that basically means that you have to give code/rootfs signing keys to your customers. This is a non-starter for many kinds of products that need tamper protection (whether for product, legal, or safety reasons).
The Linux kernel remains on GPLv2, and is still used quite heavily. Most GNU software (coreutils, gcc, etc) moved to GPLv3 and then commercial companies abandoned them in favor of permissively-licensed replacements.