Major Chip Designer Rockchip’s GitHub Repository Blocked Over Open Source License Violations
December 28, 2024 — Leading semiconductor design company Rockchip Electronics has had its MPP (Media Process Platform) project repository frozen on GitHub following allegations of serious open source license violations, marking a significant controversy in the open source community.
The enforcement action came after FFmpeg, one of the world’s most widely used open source multimedia frameworks, filed a formal complaint under the Digital Millennium Copyright Act (DMCA).
The move represents a rare escalation in open source licensing disputes and highlights growing tensions over compliance with open source agreements.
The Origins of the Dispute
The controversy traces back to February 2024, when FFmpeg maintainers discovered that Rockchip had extensively copied code from libavcodec—a core component of the FFmpeg project—into its MPP repository. While using open source code is permitted under certain conditions, Rockchip’s handling of the borrowed code raised serious red flags within the developer community.
According to FFmpeg’s complaint, Rockchip not only copied substantial portions of the codebase but also removed original author attributions and copyright notices. More critically, the company allegedly changed the license from LGPL (Lesser General Public License) to the more permissive Apache License, effectively circumventing the original licensing terms that require derivative works to maintain the same license.
Broken Promises and Inaction
Following the initial discovery, Rockchip developer HermanChen publicly apologized for the violation, attributing it to a lack of understanding about license conflicts. Chen promised that the infringing code would be replaced in future updates, a commitment that appeared to satisfy the community at the time.
However, nearly two years have passed since that pledge, and Rockchip has taken no substantive action to remove the infringing code or restore the original licensing terms. This prolonged inaction ultimately prompted FFmpeg to pursue formal legal remedies.
GitHub Takes Action
In its DMCA notice to GitHub, FFmpeg detailed how Rockchip’s practices violated LGPL terms, which require that any modifications or derivative works based on LGPL-licensed code also be released under the same license. The LGPL is specifically designed to ensure that improvements to open source software remain accessible to the broader community.
Following standard procedure after receiving a valid DMCA takedown notice, GitHub froze Rockchip’s MPP repository, making it inaccessible to users. As of this writing, Rockchip has not issued any public response to the repository takedown.
Industry Implications
This incident underscores the importance of open source license compliance, particularly for commercial entities that incorporate open source components into their products. The LGPL and similar copyleft licenses exist to protect the collaborative nature of open source development and ensure that contributions benefit the entire community.
For Rockchip, the path to restoring the repository is relatively straightforward: the company would need to file a counter-notice with GitHub and address the licensing violations by either removing the infringing code, properly attributing the original authors, or relicensing their derivative work in compliance with LGPL terms.
However, the company’s nearly two-year delay in addressing the issue despite earlier promises has puzzled many in the open source community. Industry observers note that resolving the matter promptly would have been far simpler and less damaging to Rockchip’s reputation than allowing it to escalate to legal action.
As open source software becomes increasingly integral to commercial products across the technology sector, this case serves as a stark reminder that license compliance is not optional. The outcome of this dispute may influence how other companies approach their use of open source components and underscore the community’s willingness to enforce licensing terms through legal channels when necessary.
