Re: Do we need embargoes for GPL compliance issues?
Paul Wise <email@example.com> writes:
> It seems to me that Florian is talking about the rare GPL violations
> that Debian (and other distros) commit and keeping those secret until
> they can be rectified. These happen (and are sometimes caused by
> upstreams like the GNU project). ISTR in the past we have just rectified
> the issues and ignored the fact that we lost our rights under GPLv2.
How does keeping them secret affect whether or not we lose our rights?
Oh, I think I see: it's about this section of the GPLv3?
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
So the idea is that if we self-discover, or are told by someone who is not
the copyright holder, and publish that fact immediately, the copyright
holder could then give us and our derivatives and any other distributor
with the same problem immediate formal notice and we'd only have 30 days
to remedy, but if we keep it secret, we can take more than 30 days to
remedy as long as the copyright holder doesn't separately notice?
That seems a little tortured to me, but I can sort of see it if I squint
hard enough. How much of a problem is this? Has Debian ever received a
formal notice from a copyright holder under that clause? Does anyone
really do this?
I may just be hopelessly naive or out of touch, but I feel like the
termination of rights clauses under the GPLv2 and GPLv3 are widely ignored
for good-faith violations (such as those Debian would make) and basically
never enforced that way. Hell, they're barely ever enforced against
blatant violations by large commercial companies like VMware.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>