Fixing a GPL violation in the mimemagic library caused a crash in Ruby on Rails

The author of the popular Ruby library mimemagic, which has over 100 million downloads, was forced to change its license from MIT to GPLv2 after a violation of the GPLv2 license was discovered in the project. RubyGems retained only versions 0.3.6 and 0.4.0, which were shipped under the GPL, and removed all older MIT-licensed releases. In addition, development of mimemagic was stopped, and the GitHub repository was archived.

These actions broke the builds of projects that use mimemagic as a dependency and are distributed under licenses incompatible with GPLv2. When using the new version of mimemagic, developers of other projects, including proprietary ones (the MIT license allows such use), are required to relicense their code under the GPL. The problem was aggravated by the fact that older versions under the MIT license were no longer available from RubyGems.org. If package caching is not enabled on the build server, attempting to build projects with previous versions of mimemagic will fail.

The Ruby on Rails framework, which loads mimemagic among its dependencies, was also hit. Ruby on Rails is licensed under the MIT license and cannot include GPLed components. The problem became global: the change directly affected 172 packages, and when dependencies are taken into account, more than 577 thousand repositories were affected.
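Since mimemagic usually arrives through other gems and only 0.3.6 and 0.4.0 remained on RubyGems, a lockfile check shows which release a project pins and which dependency chain pulls it in. This is an added example, not code from the article or from mimemagic; the function names, status labels and sample lockfile are assumptions made for illustration.

```ruby
# Added example (not from the article). Per the article, RubyGems kept only these GPL releases.
GPL_VERSIONS = %w[0.3.6 0.4.0].freeze
# Parse every "specs:" section into { gem_name => { version:, deps: [names] } }.
def parse_specs(lock_text)
  specs, current, in_specs = {}, nil, false
  lock_text.each_line(chomp: true) do |line|
    if line == "  specs:"
      in_specs = true
    elsif in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\z/))
      current = m[1]
      specs[current] = { version: m[2], deps: [] }
    elsif in_specs && current && (m = line.match(/\A      (\S+)/))
      specs[current][:deps] << m[1]
    elsif line !~ /\A\s/ # blank line or new top-level section ends "specs:"
      in_specs, current = false, nil
    end
  end
  specs
end

# Releases older than 0.3.6 are the MIT ones the article says were removed.
def classify(version)
  return :gpl_release if GPL_VERSIONS.include?(version)
  Gem::Version.new(version) < Gem::Version.new("0.3.6") ? :removed_mit_release : :not_covered
end

# Walk reverse dependencies upward to list each chain that pulls in path.first.
def chains_to(specs, path)
  parents = specs.select { |_, s| s[:deps].include?(path.first) }.keys - path
  parents.empty? ? [path] : parents.flat_map { |p| chains_to(specs, [p] + path) }
end

def audit(lock_text)
  specs = parse_specs(lock_text)
  version = specs.dig("mimemagic", :version)
  chains = version ? chains_to(specs, ["mimemagic"]).map { |c| c.join(" -> ") } : []
  { status: version ? classify(version) : :absent, version: version, chains: chains }
end

# Constructed sample lockfile (gem names and versions are illustrative).
SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      activestorage (6.1.3)
        marcel (~> 0.3.1)
      marcel (0.3.3)
        mimemagic (~> 0.3.2)
      mimemagic (0.3.5)
LOCK
p audit(SAMPLE_LOCK)
```

To check a real project, pass `File.read("Gemfile.lock")` to `audit`; a `:removed_mit_release` result means a clean build depends on a cached copy of the gem.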

The GPL violation in the mimemagic project stems from shipping the freedesktop.org.xml file with the code; the file is a copy of the MIME type database from the shared-mime-info library. That file is distributed under the GPLv2 license, while the shared-mime-info library itself is licensed under the ISC license, which is compatible with the GPL. mimemagic's source code is distributed under the MIT license, and distributing components under the GPLv2 license requires that the derivative product be distributed under a GPLv2-compatible license. The maintainer of shared-mime-info noticed this, and the author of mimemagic agreed to the requirement to change the license.

The solution would be to parse the XML file on the fly, without shipping freedesktop.org.xml as part of the library, but the mimemagic maintainer froze the project repository, so someone else would have to do this work quickly. If the author of mimemagic does not want to bring his project back into operation (he has refused so far), it may be necessary to create a fork of mimemagic and replace the dependency in all related projects. Moving mimemagic-based projects to the libmagic library is also being considered as an option.

Source: opennet.ru
