[misnome]

Is there any precedent to what happens, or could happen, if a project changes licence like this in a patch release? Is there any provision for mistakes like this in the GPL, or is everything that has ever used this package now considered "fair game" for classing as GPL and making source requests?

(although I imagine rails being a web framework probably protects anything using rails and only serving the end results publicly, this sounds like the sort of nightmare scenario that would make legal departments nervous about open source)

[joshuaissac]

GPL licensing of derived works is not automatic. Instead, distributing under incompatible terms is copyright infringement.

It may be possible to remedy this infringement by releasing the source code under the GPL, but it also may not (e.g. source code contains un-relicenceable code from a third-party), in which case the only remedy is to not distribute the program at all.

[misnome]

Ah, right, so it doesn't make it automatically GPL2 unless they want to continue to distribute it - and presumably only the original GPL2 licence-holder(s) are in the position to raise the issue of past infringement-via-distribution.

And so presumably unless rails was actively distributing bundles with it they'd would not be counted as "distributing" this GPL dependency.

It does sound like exactly the sort of hole that AGPL is designed to close is the saving grace here?

[dathinab]

Somewhat, but the thing is even if they sue, as long as the offender (rails? rails user?) does stop distributing the software until they replaced the code in question the amount of damages you can sue for can be surprisingly little.

If it would be a "essential" component like e.g. Linux it's a bit of a different matter. But as long as it's a non essential easy to replace library the cost of suing might noticable outclass the any money you can get out of it.

This is not a given thing, but at least it's not unlikely as far as I can tell.

IMHO using GPL for anything but full blown Applications, System Components or very large/complex/tricky libraries is kinda pointless.

And for them GPL isn't good enough in the current ecosystem, so you might need to go with AGPL or SSPL. Both which are noticeable less liked then GPL by many.

[freedomben]

IANAL so take with a grain of salt, but legal action is very rare under the GPL, and it's also expensive. In a case like this also I think it would be a tough case. I wouldn't worry about it, at least not currently.

[misnome]

I expect this whole discussion could have IANAL prepended to it - but it seems like an interesting question - what the licence strictly implies, beyond "It probably doesn't matter as probably nobody will take legal action against you".

Or is lack of enforcement, in the end case, the only thing that matters - making most discussions about open licences and in-depth consideration meaningless?