The easy answer to the problem: don't redistribute whatever it is you make.
It sounds easy, but it is actually very difficult to keep from distributing. You see, a distribution is a transfer between any two legal entities. So, for example, you hire a consultant and give him a copy of the software. Then you decide not to use the consultant any longer. He's annoyed, and he asserts his GPL rights on your entire product, and distributes it. You go to sue, and the copyright holder of the GPL piece gets involved and makes a case that you don't have the rights you think you did. Your NDA does not apply to GPL software because GPL prohibits you from adding incompatible terms.
In some cases, transfer between divisions, especially partnerships with one or more additional firms, are distribution. So, in practice, I think that purposefully not distributing is too difficult to do reliably.
It also does not work against Affero GPL3. If you perform that as a service, you have to give up the source code.
So, it is much easier to keep your software separate as I advise.
Thanks
Bruce
That was the reasoning used in my current company to never, ever risk integrating GPL software into our code, despite the fact that we never sell or release software. (We use the custom software internally to help build a physical product.)
This seems at odds with the GPL FAQ:
http://www.gnu.org/licenses/gpl-faq.html#DevelopChangesUnderNDA
Does the GPL allow me to develop a modified version under a nondisclosure agreement?
Yes. For instance, you can accept a contract to develop changes and agree not to release your changes until the client says ok. This is permitted because in this case no GPL-covered code is being distributed under an NDA.
You can also release your changes to the client under the GPL, but agree not to release them to anyone else unless the client says ok. In this case, too, no GPL-covered code is being distributed under an NDA, or under any additional restrictions.
The GPL would give the client the right to redistribute your version. In this scenario, the client will probably choose not to exercise that right, but does have the right.
Is there something I'm missing? Are there specific provisions that should be included in NDAs and employee contracts to do this safely?