On Fri, 24 Feb 2023 at 08:06, Roberto A. Foglietta <roberto.foglie...@gmail.com> wrote:
>
> On Fri, 24 Feb 2023 at 05:23, Charles Plessy <ple...@debian.org> wrote:
> >

One more thing about this:

> - Joe tests the NN with the 10+1 images of TS and decides if the NN is
> fine or not. If he decides that it is fine and it can go into
> production, then Joe's employer should share all above stated.
> Instead, if he decides that it is crap, he will trash it and he
> cannot share anything because the sharing will have zero value for
> anyone. This is compliant with the clause of fair use in which I
> explicitly added "testing" as a condition to avoid sharing. After all,
> if there is no value produced, why should we force Joe to share his
> failure? In particular cases a failure (vulnerability) is valuable
> information, but for security reasons it is better that Joe is not
> forced to comply with the GPLv3 terms. It is better to give Joe the
> freedom to share only the information that he considers safe to
> share in public. However, if Joe's company does business with this -
> providing a PoC to a client - then they have to comply with GPLv3
> because the statements for which commercial and business are covered
> by GPLv3.

In this specific case the provider of the PoC could make a public statement in which they promise to share the PoC under GPLv3, but only after 3 months, in order to give their client the opportunity to develop an update that fixes the issue and test it properly. Then their client does its job, but they need 3 more months to grant their clients a reasonable time to update and test their systems. So, they will make a public statement in which they grant their PoC provider legal coverage for every claim started in those 3 months that they might be exposed to for not having complied with the GPLv3 terms. In this way they have 3+3 months of time to fix a critical issue and let their clients update their systems. In case the 3+3 months become 3+3 years, obviously their risk of facing a trial with a negative outcome for them is much higher. So, after a reasonable time, the PoC will be shared as it is supposed to be.

Best regards,
R-