Florian Weimer <[email protected]> writes: > * Russ Allbery: >> Florian Weimer <[email protected]> writes:
>>> Do you think Debian should welcome embargoes for GPL compliance >>> issues? Security embargoes are a huge pain, but one would hope that >>> GPL violations by Linux distributions are much rarer events. >> I'm sorry, I think I'm missing some basic context required to make >> sense of this question (and therefore I suspect other people on this >> list are as well). >> What exactly would we be embargoing, and why? > See bug #907585 for an example. It occurred to me only afterwards > that reporting it publicly (upstream) might be a bit inconvenient for > some people (although no one has complained to me directly). Hm. I guess I'm not seeing any harm there. The problem only happens if a copyright holder sees such a notification and then files a formal notice of copyright violation, right? One unfortunate part about the way the GPLv3 license is phrased is that if the same copyright holder reports multiple instances like this, the thirty-day thing only applies to the first one, and then one technically immediately loses the license to distribute (at least if I'm understanding the license correctly). So, for packages like the Linux kernel where these license violations are fixed when we notice them but which have an ongoing likelihood of seeing new violations, we can get into some bad and I think unintended consequences. That means embargo isn't really useful anyway in cases where we expect to see ongoing unintentional license violations that have to be cleaned up. That said, the Linux kernel is of course under GPLv2, which doesn't have that 30-day provision at all, so it doesn't seem like an embargo would have helped at all in this specific case (which I think you mentioned in your original message). If we get into informal conventions among copyright holders about what they'll pursue and what they won't pursue, (a) I have a hard time imagining any such convention that would pursue a copyright complaint against what Debian does, and (b) those conventions are strictly voluntary and there's no reason to believe that all Linux copyright holders will follow them anyway. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
