On Fri, 29 Sep 2006, James Bottomley wrote:
That caveat is important, and changes it from a misleading statement
to a true statement. It also is a statement which is true for the
GPLv2, which makes it not such a useful statement to make when
considering the relative merits of the two licenses.
Well, this is the whole point. Today, you can distribute GPLv2 packages
without much patent worry ... if you develop GPLv2 packages, that's
different, but if you simply act as a conduit, you're not going to have
too much trouble.. If I take the broad interpretation that I give a
licence to every patent practised by every package I distribute, then I
don't know what my liability might be until I've done an IP assessment
of everything that's distributed from the website. That means not just
what I'm working on, but also what support put up there to assist a
customer, and also what the engineers are putting up in their private
areas.
this is especially relavent for companies that have formerly been willing to act as mirrors for free software projects. now the act of mirroring debian means that any patent they own could be comprimised by a random debian developer adding a patch to any of 19000 packages that implements that patent