how to comply question

[Peter Roozemaal]

Hi,

Tamas TEVESZ wrote:
> there's an open source project, which, as a part of it's build 
> framework, relies on a couple of gpl tools (coreutils pieces, make, 
> stuff like that). to make life easier for users, binaries of these  
> tools for some not-so-fortunate platforms (dos, os/2 and the like -- 
> you get the idea) are included in the source repository. it turns out 
> that for some of the stuff, we don't even know or can find a location 
> for a source package.
> 
> removing these binaries is thought to create a "support nightmare" of 
> sorts, even with pointers and documentation stating "you need to get 
> it, do so here and here". including source packages is somewhere in 
> the source repo is partially possible (as said, for some binaries we 
> don't know a source), but we still can't be perfectly sure (though a 
> certain level of confidence is there) whatever sources we include 
> will match the binaries we include - point is, we aren't really in the 
> coreutils "business", just including them so our users don't have to 
> be in the coreutils business either ;)
> 
> what would be the appropriate course of action to take? 

(I am not a lawyer, so this is not legal advice. This also is free
advice and I limit my liability to what you've paid for this advice.)

To summarize in my own words: you want to "clean up your repository and
get in full GPL compliance". That means you should have matching sets of
source and binary packages for the GPL components you distribute. One
option is collecting them on the Internet, but you can also consider
creating your own binary packages from a known source package. (Ask some
volunteers to step up.)
Tell these volunteers that they are allowed to change the code, but must
keep a record of their changes. You should then make sure that a source
package with all their changes included is made. (Optionally, try to get
those patches applied "upstream" with the package maintainers.)

Peter.