by NeutronBoy 3174 days ago
I know a few years ago when I was working on a government procurement project for some software, the (very good) lawyers were very wary of any OSS included in the proprietary product we were buying. Their reasoning was, we were buying the product from the vendor. If the vendor had incorporated the OSS code into their product and it was found that they'd breached the license conditions, then we essentially lost the license to run the software - otherwise we'd be in breach as well. Not what you want when you're spending hundreds of millions on a project.

Then you shouldn't buy software from anyone but a natural person who is the original author of 100% of the code, because the same logic applies to any license regardless of the terms.

It's just as easy for proprietary software to be a derivative of some other proprietary software which the seller screwed up and didn't acquire the appropriate license for.

Totally false. A lot of open source software is MIT style, which effectively means there are no consequences to infringement. If the infringing code is GPL, then as customer you've won the lottery, because now you've got an irrevocable free license to everything tightly coupled to that code, and the vendor is limited to charging you for ongoing labor or for adjunct products. You have no responsibilities as customer except to refrain from preventing others access; if you choose to (re-)distribute the code, then you cannot constrain the recipients of the code. The vendor, on the other hand, is now required to charge no more than copying fees for infringing code, and must do so for any customer. They can charge for development labor and support fees (see: Red Hat), but derived code is available to you in perpetuity.
Be careful with assumptions. You might end up using MIT components to which you don't have the patent rights. This is one of the reasons why Microsoft adopted the MIT instead of the Apache license that is legally safer for enterprise.

In regards to Red Hat, you don't get the code available in perpetuity (time is three years for GPL portions) and you can't distribute that code to others when it still contains logos and other trademarks from Red Hat inside (CentOS is often the alternative). Effectively you are paying them for a time-limited subscription to use their logo. That's in the fine print inside Red Hat license agreements.

I know this because my job is to make sure open source can be used without booby-traps.

Since when does the GPL stipulate anything about how much you can charge for GPLed software (wrt your statement about "copying fees")?
The vendor can, of course, charge whatever they like for copying fees. The customer would be wise to get source from the beginning, and keep track of it for themselves, but that's a matter of "physical" access, not legal right. From GPL 2:

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, 
    b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, 
    c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)