yeah they'd need to innovate to mitigate their risk.
example: you are a car manufacturer. you have a legal responsibility for the street safety of your car, a responsibility for the functional safety of your product.
now a car crashes, badly, killing people, and blame is put onto the internal software of some on board "electronic control unit", ecu.
how can you ensure the software was not tampered with?
lock it down, secure boot?
then you can't have any gpl3 component on there.
so to allow for personal software modifications you'd need to innovate some mechanism which reliably flags unsigned software changes to the ecu. they need to be reliable enough that even after a crash you can still check if the ecu was running vendor software or some modified version. just like you can check if the brakes or the steering was intact or tampered with.
such legal liability is at the heart of rejecting gpl3 for many devices.
ps: for infotainment it's not about human life but about profit, content tax, a different story.
It's perfectly okay for you to put GPLv3 software in ROM that nobody can ever modify and then sell me the hardware. What's not okay is selling me hardware where you can modify the software after the fact, but I can't. And it's also okay for your hardware to detect if I modified the software. It just can't refuse to work if I did.
And this is where the FSF makes the weird trade off that they prefer to not have security updates as that's more "free" than being able to get security updates from the manufacturer. Either way you can't update it, but at least in the scenario the FSF opposes the users are able to be more secure.
this has nothing to do with security updates. any vendor is free to ship security updates however vendors often decide to refuse updates to "tainted" devices.
...and put your device in "dev board mode", which loses all homologation and puts the vehicle into safe space.
and as per the slide deck this may be a one way operation, creating a brick in the driveway.
I know the slide deck. I've asked automotive oems to think about a dev mode which does drive, but puts the whole car into a dev mode and makes this obvious. too expensive. just kick out gpl3 from anything relevant to homologation.
example: you are a car manufacturer. you have a legal responsibility for the street safety of your car, a responsibility for the functional safety of your product.
now a car crashes, badly, killing people, and blame is put onto the internal software of some on board "electronic control unit", ecu.
how can you ensure the software was not tampered with?
lock it down, secure boot?
then you can't have any gpl3 component on there.
so to allow for personal software modifications you'd need to innovate some mechanism which reliably flags unsigned software changes to the ecu. they need to be reliable enough that even after a crash you can still check if the ecu was running vendor software or some modified version. just like you can check if the brakes or the steering was intact or tampered with.
such legal liability is at the heart of rejecting gpl3 for many devices.
ps: for infotainment it's not about human life but about profit, content tax, a different story.