Paul Wise <p...@debian.org> writes: > It seems to me that Florian is talking about the rare GPL violations > that Debian (and other distros) commit and keeping those secret until > they can be rectified. These happen (and are sometimes caused by > upstreams like the GNU project). ISTR in the past we have just rectified > the issues and ignored the fact that we lost our rights under GPLv2.
How does keeping them secret affect whether or not we lose our rights? Oh, I think I see: it's about this section of the GPLv3? Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. So the idea is that if we self-discover, or are told by someone who is not the copyright holder, and publish that fact immediately, the copyright holder could then give us and our derivatives and any other distributor with the same problem immediate formal notice and we'd only have 30 days to remedy, but if we keep it secret, we can take more than 30 days to remedy as long as the copyright holder doesn't separately notice? That seems a little tortured to me, but I can sort of see it if I squint hard enough. How much of a problem is this? Has Debian ever received a formal notice from a copyright holder under that clause? Does anyone really do this? I may just be hopelessly naive or out of touch, but I feel like the termination of rights clauses under the GPLv2 and GPLv3 are widely ignored for good-faith violations (such as those Debian would make) and basically never enforced that way. Hell, they're barely ever enforced against blatant violations by large commercial companies like VMware. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>