
> what the risks are of using GPL software in your products

"Risk" is a weird way to phrase it. It's a cost for taking advantage of someone else's work, just the same as if you paid for a library. If you're not willing to pay the cost, don't use the software, just like companies would tell their employees not to use a pirated version of Photoshop.

> It will be interesting if GPL "wins" and a bunch of companies immediately tells their employees to strip every bit of GPL code out of the system and rewrite from first principles any function that is required for the product to operate.

This seems unlikely. Is it really that common for companies to violate the GPL today?



I'm interested in what makes you think the term 'risk' is weird. In my experience most, if not the majority, of business decisions a company made were composed at the management level as a trade-off between risk and reward. The decision process included a list of things that could go wrong, or take longer than expected, etc., and those things were in the risk category, and things like time to market, operational efficiency, better margins, etc. were in the reward category.

From that perspective the choice to use open source software in their product seemed to often include two risks, one was how would you respond if it broke and the other was what would you have to do to replace it if it became unavailable for some reason. To use a pretty well known example, the Android system from Google, which you could compile and run on your phone for "free" but the risk was that Microsoft would (and did) come after you for patent infringement if you used it in a phone [1].

The risk here was to margins, where a manager might assume the cost of shipping this software was $0 (no license cost) and have it end up costing $Y because of patent fees.

When Blekko was acquired by IBM we had to "blue wash" our code, which was to go through and identify every copyright, every comment that might imply ownership, and figure out if it was "okay", "not okay", or "needs more research." That entire exercise was described as "Minimizing the risk that the IBM company will be sued because they are using the code for your product."

So that is where I'm coming from here.

[1] https://finance.yahoo.com/news/microsoft-may-relinquishing-b...


> Is it really that common for companies to violate the GPL today?

Every company I've worked at is careful about GPL. Some are more careful than others, but they all put at least some effort into ensuring nobody brings in GPL libraries.

As a lawyer explained to me, they understand at some point GPL code will be shipped - it is too tempting. The real goal is to ensure that when it happens they can convince the courts it is a rogue employee doing something he wasn't supposed to, as then the penalty is a slap on the wrist and a bunch of developers emergency switched to rid our stuff of GPL. If the courts decide the company didn't do enough to prevent infringement then the court will decide that it was company policy to make their product open source and the courts will force the release of source code. This is why all developers I work with have to take open source training, we have someone assigned to audit all our code, and we have bought tools that look for potential open source code, it all builds a case before the court. To my knowledge the above has kept us from infringing in the first place, which is the real goal, but since all tools have holes eventually we can assume it won't.



