> In a lot of countries it's ILLEGAL to use uncertified GSM stacks (hardware+software). As simple as that. You can certify OpenSource code, probably. But the moment you make a modification (even to close a security hole) you'll have to re-certify it again which kinda beats all the advantages of OpenSource.
Do you have a citation for this claim? That seems farfetched to me. I can believe that it is illegal to *sell* uncertified stacks (hardware+software), and I can believe that it's illegal to *use* anything that uses the wrong frequencies, for whatever reason. But I would be hard pressed to imagine a law that forbid you, personally, from creating and using a stack (possibly by modifying the software) that was not certified, which still met all of the frequency and signal strength requirements. If that were the case, then it would be illegal to develop GSM stacks, as you would never be able to test and debug them before certifying them.
Furthermore, even if it is, technically, illegal, in certain jurisdictions, how would anyone know? If it meets all of the requirements and doesn't interfere with the network, who would ever notice?
> The problem is, if you cut yourself with a knife - you only cut yourself. A bad firmware can affect a lot of people around you.
And with a knife, you can also affect a lot of people around you, by stabbing them or mugging them. Knives are plenty dangerous; probably more dangerous than rogue GSM devices, which, if the networks are at all responsible, could at most create a temporary denial of service for a service that we've managed to live without up until a dozen or so years ago.
> That's why we generally don't allow private persons to own nuclear arms.
Are you seriously trying to compare a rogue GSM transmitter with a nuclear weapon?