> Keep in mind that while the 'death penalty' and/or SFC's demands may seem extreme, they're pretty darn reasonable when viewed from the perspective of copyright law, which (at least in the US) allows for $150K *per copy* penalties, on top of an injunction preventing further distribution.
This is a valid point.
However, that copyright law is insane doesn't excuse us in the FOSS community doing anything insane as well (even if it is much less insane).
It is *very* hard to convince corporations to use FOSS if the risk is that a single mistake by one of their teams means that the entire company can no longer use that specific FOSS until the copyright owner agrees for them to. The main problem is uncertainty: The corporation does not know ahead of time exactly what the copyright owner will demand. At least with a proprietary license, you know ahead of times the costs involved in a clear (well, clear-er) manner.
If I had believed the GPL did actually assume such a "death penalty" event - I prefer to call it a "hostage situation" - I would never have released the GPL code I did (I would have used another FOSS license). It strikes me as counter to the intent of the GPL, and very dangerous to the FOSS community as I said above.
It is more than sufficient to protect GPL code to interpret it in the more reasonable way, which is that distributing GPL code grants a new license each time. So that you have a license if you comply with the GPL. If you don't comply, you lose that license until you download a new copy, and are in compliance with that license. In this situation, violating the GPL is still very bad - you cannot use the code any more - but at least you know ahead of time exactly what you need to do to be able to use it again - come into compliance.
That the SFC does basically that - but for all FOSS projects the company uses, not the one whose license they violated - is not as bad as things *could* be, because in theory the license enforcer could ask for anything at all (hence I prefer the term "hostage situation"). But again, the problem is that corporations don't know for sure in advance what the SFC will require, if one of their teams makes a mistake and doesn't fully comply with the license of one of the FOSS projects they use. This is one of the biggest problems for FOSS adoption today.