Back in October, I mentioned a new QFe we had, KB824706, which would let you apply desktop QFE's directly to XPE runtimes. It's a cool thing - we had to get some DCR's into the desktop QFE installer, and add some components to support the installer, but it works very well with only a 10Mb footprint hit at a maximum (the dependent components max out at 10Mb - if you've got some of them in your image, your footprint hit is smaller). There were a few caveats we documented (stuff like EWF images, remote boot, kernel updates, etc.), but the solution was sound. With everything in place, I released the new QFE.
The next day, I had to pull it from the website. It killed me, but it wasn't my decision. The story is short and sordid, and delves into subject areas that rightly make techies cringe - corporate legal departments and license agreements.
You see, XPE customers fall into two basic camps - OEM's and end-users (I thought they were all OEM's, but MS Legal corrected me). OEM customers use our tools to develop solutions using XPE runtimes that they then sell for profit (think someone making ATM machines). End-user customers use our tools to develop solutions using XPE runtimes that they then use internally (think a big retailer building their own in-house POS system). There's also a third class of customer, the true end-user, who gets MS OS's from licensed OEM's or via retail channels and uses it as a general purpose OS on their machine (think buying a PC from Gateway or Dell with the OS preloaded).
The problem arises because desktop QFE's are licensed for true end-users, not OEM's of any kind. OEM's require a different EULA, which allows them to redistribute the QFE to their customers. If you've ever bought a PC with the OS preloaded on it, you've bought from an OEM, and they support the system completely. For an OEM to hand out QFE's on their PC's or devices, they need a special EULA that covers redistribution of MS bits. In the retail OEM channel for the desktop, this is taken care of at a different level - unfortunately, nobody ever thought about the Embedded developer when crafting these EULA's (mainly because MS wasn't involved in the embedded market at the time).
In short, the desktop QFE's come packaged with a EULA that doesn't cover any of our embedded customers, which means you can't legally send out an image containing a raw desktop QFE. The QFE's we author that update the database do come wrapped in our own EULA tailored for XPE developers, so there's no problem there - this argument only applies to using desktop QFE's to update devices you sell, or update devices already in the field for your customers.
The first solution is rewrapping the desktop QFE with a EULA for each class customer, but that's a non-starter for me - it means having to repackage the desktop QFE's once for each unique EULA, and then making them available to only those customers covered by that EULA. This solution doesn't scale past one EULA and one customer, and it requires re-engineering the OEM secure web site to tailor downloads for different customer classes, turning what is a licensing issue into a technical one. The real solution (in my opinion) is a single EULA covering all our customers, which is something we're fighting to get. We're working on some interim solutions to get customers moving, but it's a slog - imagine trying to explain your job to your grandmother, and you approach the difficulty I'm having explaining embedded systems development to lawyers and paralegals. It's much the same when the lawyers try to explain the licensing situations to me - we speak two different languages.
For the time being, this update is limbo - I wish it weren't so, but there you have it.