The person isn’t talking about automating being difficult for a hosted website. They’re talking about a third party system that doesn’t give you an easy way to automate, just a web gui for uploading a cert. For example, our WAP interface or our on-premise ERP don’t offer a way to automate. Sure, we could probably create code to automate it and run the risk it breaks after a vendor update. It’s easier to pay for a 12 month cert and do it manually.

Does the GPL cover having to give redistribution rights to the exact same code used to replicate a certain build of a product?

It does, and very explicitly and intentionally. What it doesn’t say is that you have to make that source code available publically, just that you have to make it available to those you give or sell the binary to.

What Red Hat is doing is saying you have the full right to the code, and you have the right to redistribute the code. However, if you exercise that right, we’ll pull your license to our binaries and you lose access to code fixes.

That’s probably legal under the GPL, though smarter people than me are arguing it isn’t. However, if those writing GPLv2 had thought of this type of attack at the time, I suspect it wouldn’t be legal under the GPL.

I believe you are correct. Any paying Red Hat customer consuming GPL code has the right to redistribute that code. What Red Hat seems to be suggesting is that if you exercise that right, they’ll cut you as a customer, and thus you no longer have access to bug fixes going forward.

I suspect it’s legal under the GPL. I’m certain it violates the spirit of the GPL.

I am not a lawyer, but I have been a follower of FLOSS projects for a long time.

Me too. I know what I’m suggesting is functionally impossible. I’m wondering if it could be done in compliance with the GPL.

All of those contributors have done so using language that says GPLv2 or higher. Specifically says you can modify or redistribute under GPLv2 or later versions. So nothing stops the Linux Foundation from asking new contributors to contribute under the GPLv4 and then releasing the combined work of the new kernel under GPLv4.

The old code would still be available under the GPLv2, but I suspect subsequent releases could be released under a later version and still comply with original contributions.

Again, I know it won’t happen, just like I believe Red Hat’s behavior is within the rules of the GPL. I’d love to hear arguments as to how Red Hat is violating the GPL or reasons why the kernel couldn’t be released under GPLv3 or higher.

I suspect what Red Hat is doing is compatible with GPLv2, which is how the Linux kernel is licensed. I’m certain what they are doing is inimical to the Intent of GPLv2.

That raises some questions and possibilities. It looks like the Linux kernel still has the GPLv2 or later clause, despite not moving to GPLv3. See https://www.kernel.org/doc/html/v4.18/process/license-rules.html

How possible is it to create a GPLv4 that addresses this? Building a new license that does shouldn’t be difficult. However, I’d assume the Linux kernel isn’t released under a GPLv3 or later because of some objections with those changes. I’d imagine creating a GPLv4 that addresses the Red Hat issue but leaves out the changes in GPLv3 is likely a non-starter because those that have chosen a GPLv3 or later license will object.

Given the thousands of contributors to the Linux kernel, is an upgrade to a GPL version higher than v2 even possible? I’ve got no idea, but I’m curious of any insights.