We're speaking in the context of Github. Github, specifically, makes the improbable "exploit" of this loophole much more probable. Maybe not particularly
likely, but likely enough to be a risk that should be considered.
As part of my job, I contribute to an open source project, using Github. I sync my Github to upstream so it's up to date, and commit our changes to it.
That way, our contributions are publicly accessible. In fact, they are publicly accessible in the context of a complete copy which includes our contributions.
That last sentence is key. What Github users publish on Github is a copy of the devel branch with their contributions added (but also including all contributions
from anyone else, including contributions not yet approved for the release version.)
Suppose I work for SpaceX, maintaining the SpaceX blog via Wordpress.
Using Github, I make our contributions to Wordpress public (as part of a complete Wordpress devel tree.)
Someone else at SpaceX invented a widget which is patented.
Orbital Science, a SpaceX competitor, could commit a Wordpress plugin which somehow relates to the patent.
My Github would automatically fetch their commit.
Now my company, SpaceX, is distributing code related to the patent, without ever having heard of Orbital Science's plugin.
Our patent is therefore nullified by the terms of GPLv3, if Wordpress were GPLv3.
That's WHY Wordpress is not GPLv3, but GPLv2, because v3 says:
Each contributor (SpaceX) grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version (including the Orbital Science plugin they've never heard of, but which was automatically mirrored).
Note that the license includes the right to modify it, such as by deleting 99% of it, leaving only the Orbital Science code, without any other part of Wordpress.
Therefore, Orbital Science can force SpaceX to license their code just by doing a Github commit to any project that SpaceX has a Github for.
Is it likely that Orbital Science would do that? Would some judges follow the actual text of the license and allow OR to pull that trick?
Maybe, maybe not. If you've committed $20 million in R&D to _anything_ you have a patent on, would you want to risk a competitor doing a sneaky trick like that?
One defensive solution, if you HAVE to contribute to a GPLv3 project, is to explicitly leave copyright with the individual author, who publishes it on his personal Github rather than having the company post it on Github. Assuming the author doesn't have any patents and never will, that works okay.