by smarx007 1906 days ago
One thing I am not sure about is why such a radical action was taken so quickly without thinking carefully first? It's not like a lawsuit was threatened or something. The original request in https://github.com/minad/mimemagic/issues/97 that you linked to was very polite and professional.

1) A time extension to remove the GPLed code could be politely requested. I know that the copyright belongs to all contributors but getting on good terms with the maintainer could be a solid first step. I think just opening a PR with that file deleted (and tests failing) could have been interpreted as a willingness to comply with the request in good faith.

2) A request to relicense the XML file in question under LGPL could have been sent to the original project (could be a problem without CLAs, but still worth a try). Then the library could have been relicensed under LGPL.

3) Gem users could have been notified. Some prominent people from those projects could have helped with (1) and joined a kind request (2) to the original project.

At least that's how we'd (try to) handle it on our project under Eclipse Foundation (though we used to have GPL code scanning for releases in the first place until very recently) if such a situation arose. Anyway, talking to people first before doing something quickly is often a good idea.

2 comments

> One thing I am not sure about is why such a radical action was taken so quickly without thinking carefully first?

I think this can be answered by considering the following:

> At least that's how we'd (try to) handle it on our project under Eclipse Foundation…

Looking at https://github.com/minad/mimemagic, I did not get the impression that the software was backed by any organization, let alone one on the scale of the Eclipse Foundation. If indeed the software is essentially one person, imagine it from their perspective.

> Anyway, talking to people first before doing something quickly is often a good idea.

Assuming that this was not intentional (see Hanlon's razor), you could quickly have groups like the gpl-violations.org project taking notice, and things snowballing from there. I'm not calling out gpl-violations.org specifically here; instead, I'm noting that there are other people who _would_ do something quickly.

Another thing to note is that u/minad is (per their GitHub profile) in Germany. That will also affect their opinion on things related to licensing.

> One thing I am not sure about is why such a radical action was taken so quickly without thinking carefully first? It's not like a lawsuit was threatened or something.

Once you've been informed of a violation, you have a legal duty to act, no? Regardless of whether counter-action is immediately threatened. (Not a lawyer, not legal advice)

At the end of the day, it's people involved, and people have the capacity for understanding and empathy.

A safe course of action would be for the maintainer to respond with a message like "thank you for bringing this to my attention. Many products and services depend on this package and would be disrupted by any immediate action. I will bring this to their attention and work with them to remove the dependency as swiftly as possible and then remove all available versions of this package from where they are hosted."

If someone brings lawyers to the table due to lack of immediate action, maybe then we can proceed to a more immediate, if disruptive, course. But no need to rush there if there's no external pressure to act that fast.

I completely agree with you in principle. However, if there are potential damages involved, it's hard to argue that you're not increasing your exposure by delaying or deferring the correction. (Again IANAL and this ain't legal advice.) Lawsuits aren't to be taken on a whim. Even if you ultimately prevail, the affair can change your life, and not for the better. So I can't blame anybody who wants to skip the lawyer and minimize their exposure, even if doing so angers a large number of developers—to whom they have no formal obligation.

The question is, what act do you take? It's possible to negotiate and get a grace period to get into compliance, for instance.