I cannot use GPLv3 packages in our image build. I am no legal expert, but from what I can understand, most companies will not be able to comply with this license without allowing the customer to compile and deploy a new version of any GPLv3 package to the target. I know it is possible to comply with this, but we are using secure boot and do not have the time, and probably no interest, in setting up a solution for allowing customers to deploy GPLv3 packages on the target. We are trying to make use of INCOMPATIBLE_LICENSE, but that results in several issues. We have made sure that we don't include GPLv3 in the image build using a manual process, but would like to use INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems like INCOMPATIBLE_LICENSE is a bit harsh, since it will catch any package even if it is only part of the SDK, and also native packages that are not part of the image build.
I cannot be the only one with this problem, so how are other companies solving this issue? Are they just not using INCOMPATIBLE_LICENSE? Are you setting up a parallel process for checking for any incompatible license issues?
A more specific issue is that there are so many packages with bash dependencies, which pull in bash, which is GPLv3, so how have you solved that? Currently we have done some pretty ugly hacks which I am not that happy with, but we needed to keep it out of the image.