Copyleft-next and the kernel [LWN.net]

By Jake Edge
July 13, 2021

The Linux kernel is, as a whole, licensed under the GPLv2, but various parts and pieces are licensed under other compatible licenses and/or dual-licensed. That picture was much murkier only a few years back, before the SPDX in the kernel project cleaned up the licensing information in most of the kernel source by specifying the licenses, by name rather than boilerplate text, directly in the files. A recent move to add yet another license into the mix is encountering some headwinds, but the license in question was already being used in a few kernel files, and has been for four years at this point.

SPDX is more formally known as the Software Package Data Exchange; it is a Linux Foundation project that has created an "open standard for communicating software bill of material information, including provenance, license, security, and other related information". In the kernel, SPDX identifiers are used to identify the license as a comment at the top of a source file; for example:

    // SPDX-License-Identifier: GPL-2.0-only

For tooling reasons, SPDX headers in .c files use the "//" form of comments, while .h files use the more traditional "/* ... */" form; both use license identifiers that refer to licenses that are stored in the LICENSES directory of the kernel source tree.

On July 7, Luis Chamberlain posted a patch set that added the copyleft-next 0.3.1 license to kernel tree and cleaned up four uses of that license in the tree. The copyleft-next project goes back a ways; it started in 2012 as a GPLv3 fork called GPL.next, but soon took on a more neutral name. It is an attempt to create a strong copyleft license, in the mold of the GPL, but in simpler language that is easier to understand than GPLv3. It is explicitly written to be compatible with the GPL, so one could imagine kernel contributions that were solely licensed under copyleft-next. But, at least so far, all of the contributions using copyleft-next are dual-licensed as GPLv2 and higher (GPLv2+) as well.

Backstory

Chamberlain's patch set did not come out of the blue. In an earlier patch set, he proposed a kernel self-test for sysfs. As with other tests he has written, this test was dual-licensed under GPLv2+ and copyleft-next (0.3.1). But Greg Kroah-Hartman said that the GPLv2+ boilerplate in the code was not needed, "only the spdx line is needed". He also asked that the copyleft-next license be removed: "Please no, this is a totally different license :(".

But, as Chamberlain pointed out, the use of copyleft-next in the kernel had been discussed back in 2016; Linus Torvalds had no objection to its use and the comment text was worked out with Alan Cox and Ted Ts'o at the time. In 2017, test_sysctl was merged using that text to indicate the dual license covering the code. During the discussion, Kroah-Hartman acked a patch that added copyleft-next as an option in the kernel tree.

The copyleft-next license is not listed in the kernel's LICENSE directory, however, so the SPDX lines in Chamberlain's test drivers only refer to GPLv2. That is not correct, as Kroah-Hartman noted, but he also had a more fundamental objection:

And given that this is directly interacting with sysfs, which is GPLv2-only, trying to claim a different license on the code that tests it is going to be a total mess for any lawyer who wants to look into this. Just keep it simple please.

Chamberlain, however, sees things differently with regard to the license compatibility:

The [fault] injection code I added follows the exact license for sysfs. The only interaction with the test_sysfs and sysfs is an exported symbol for a completion structure. The other dual gpl OR copyleft-next test drivers already present in the kernel also use exported symbols too, so I see nothing new here.

Adding copyleft-next

There was a problem with copyleft-next not being in the kernel's license list, though, and thus the SPDX lines not truly reflecting the license status of the four files that had already been added (lib/test_kmod.c, lib/test_sysctl.c, and the corresponding shell scripts in tools/testing/selftests). For the C files, Chamberlain's patch removes the boilerplate and updates the SPDX line as follows:

    // SPDX-License-Identifier: GPL-2.0-or-later OR copyleft-next-0.3.1

The shell scripts have the equivalent change but, naturally, use "#" for the SPDX comment.

Christoph Hellwig replied to the cover letter of the patch set, asking about the need for a "random weirdo license" to be added to the kernel tree. Chamberlain noted that the license is already being used on kernel code; in the patch adding the license text, he also gave a list of a dozen copyleft-next benefits that he sees:

It is much shorter and simpler
It has an explicit patent license grant, unlike GPLv2
[...]
There is a built-in inbound=outbound policy for upstream contributions (cf. Apache License 2.0 section 5)
There are disincentives to engage in the controversial practice of copyleft/ proprietary dual-licensing
In 15 years copyleft expires, which can be advantageous for legacy code
There are explicit disincentives to bringing patent infringement claims accusing the licensed work of infringement (see 10b)
There is a cure period for licensees who are not compliant with the license (there is no cure opportunity in GPLv2)
copyleft-next has a 'built-in or-later' provision

But Kroah-Hartman is concerned about adding more licenses to the kernel; instead "we should be trimming them down to be less as it makes things simpler and more obvious". He noted that Chamberlain could switch the licenses of the four files, thus avoid needing to add copyleft-next. He also reiterated his arguments about the dual-licensing for test_sysfs, but said that he is sympathetic to proponents of copyleft-next:

[...] I do not want to see your "test_sysfs.c" module as a dual-licensed file, as that makes no sense whatsoever. It is directly testing GPL-v2-only code, so the attempt to dual license it makes no sense to me. How could anyone take that code and do anything with it under the copyleft-next license only? And where would that happen?
I understand the appeal of copyleft-next in that it resolves many of the "grey" areas around gplv2, but given that no one is rushing to advise us to relicense all of the kernel with this thing, there is no need to encourage the spread of it given the added complexity and confusion that adding another license to our mix can only cause.

The main organizer behind the copyleft-next project is Richard Fontana, but Bradley M. Kuhn worked on it as well, which he was quick to point out in a disclaimer on his response to Kroah-Hartman. Kuhn noted that there is already a bunch of code in the kernel that is dual-licensed, many with either the two- or three-clause versions of the BSD license, which is evidently not a problem for kernel developers: "There is no cogent argument that I can see that says '(GPLv2-only|{2,3}-Clause-BSD) is so special that it should be grandfathered in over other forms of dual licensing'." Beyond that, though, since no one has done so, Kuhn wanted to "be the first to advise" the kernel community to switch the kernel license to copyleft-next, though he recognized the impossibility of that task.

Tim Bird pointed out that the dual-licensing with BSD has resulted in "the interchange of a lot of code between the BSD Unixes and Linux, that otherwise would not have happened". It is very much in keeping with Torvalds's "tit-for-tat compact" to allow code improvements to flow both ways, he said. Kuhn agreed with Bird and hopes to see the same happen with projects that are released under copyleft-next, though there are far fewer of those.

In the final analysis, as long as the other license is compatible with GPLv2, which copyleft-next is (so are BSD and others, of course), then it is up to the contributor to decide on the license(s), as Joe Perches said. The situation is analogous to the addition of the CC-BY-4.0 license to the kernel back in December; that was done because a documentation contributor wanted to dual-license their text. The contributor in this case, Chamberlain, feels strongly that copyleft-next is the right license for his code. He understands that there are other considerations for a large project like Linux, so he is taking a slow approach while trying to be conscious of the needs of others and the project as a whole. "My personal development goal is I will embrace copyleft-next for anything new I write, and only use GPLv2 or another license when I am required to do so."

Of the benefits that he listed, the explicit patent grant is the most important to Chamberlain. He is concerned about a future without such a grant:

The license is one of the only few licenses (if not only?) which is GPLv2 compatible and also has an clear patent grant. I have reasons to believe, we as a community face serious challenges if we don't grow our collection of code with explicit patent grants. And so any new project I create will have such licenses. It is simply my preference, and if I can contribute code to Linux in a "safe place" to slowly build traction of it, then fantastic.

Given that the license has been present in the kernel since 2017, and that it did not come in under cover of darkness, the changes Chamberlain has proposed seem like they should be relatively uncontroversial. There are certainly valid concerns about license proliferation, both within the kernel and without, but the main issue for the kernel community would seem to be satisfied by GPLv2 compatibility. It is possible that other compatible licenses will also need to be added to the LICENSES directory from time to time, but that seems a fairly small price to pay for useful contributions.

Index entries for this article
Kernel	Copyright issues

to post comments

Copyleft-next and the kernel

Posted Jul 14, 2021 10:32 UTC (Wed) by smoogen (subscriber, #97) [Link] (11 responses)

My main concern with the copyleft-next code is section 8:

```
8. Copyleft Sunset

The conditions in sections 3 through 5 no longer apply once fifteen
years have elapsed from the date of My first Distribution of My Work
under this License.
```

While fifteen years sounds like a long time, if Linus had put the kernel under this license in early 1992, then in 2008 the entire kernel would have gone in a 'weird' state because definitions of 'My Work' etc would be contested. Is someones patches in 2007 now also 'BSDish?' because the first distribution was 15 years before then? Or does 'My Work' mean every subsection written by different authors so end up with different lines aging out on different days? Or is 'My Work' each release of the kernel.

```
"My Work" means the particular work of authorship I license to You
under this License.
```

while plain legal English may be too plain for a long living project of code covered by said code. [That said, I doubt in 1992 I thought I would be spending the next 30 years of my life working with Linux.. so having 15 years of it under BSD-like might have worked out ok.]

Copyleft-next and the kernel

Posted Jul 14, 2021 13:58 UTC (Wed) by Paf (subscriber, #91811) [Link] (2 responses)

This is a pretty standard debate, I think, pretty similar to authorship itself - how much do you need to change/add before you can claim copyright in something of which you are not the originator?

There’s no simple answer.

Copyleft-next and the kernel

Posted Jul 14, 2021 20:10 UTC (Wed) by NYKevin (subscriber, #129325) [Link] (1 responses)

Well, there is an answer, it's just not an answer that anyone wants to hear: "Go to court and the judge will tell you."

But as a rule of thumb, the threshold of originality is generally quite low. If you just fixed a typo, you probably can't claim copyright on the fix alone. If you (re)wrote or substantially refactored* a whole function, you probably can claim copyright on that.

* You might argue that refactoring should not be eligible for copyright protection because it makes no functional change to the software. This is incorrect. Copyright does not care at all about functionality, and "it's functional" is in fact an argument *against* copyright protection (e.g. you might not be able to copyright a "hello world" program, because there's usually only one reasonable way to write such a program). Copyright protects the creative expression of an idea or concept (but not the idea or concept itself); refactoring code to make it clearer or easier for a human to understand is definitely the right sort of work to merit copyright protection. The only thing that matters is scale: whether you refactored enough code and made enough changes to that code.

Copyleft-next and the kernel--originality

Posted Jul 21, 2021 5:04 UTC (Wed) by carORcdr (guest, #141301) [Link]

Originality is a constitutional requirement. Constitution of the United States, Art. I. sec. 8[8], 1 Stat. 10; Feist Publications, Inc. v. Rural Telephone Service Company, Inc., 499 US 340 (1991); The Trade-Mark Cases, 100 U.S. 82 (1879). Some minimal degree of creativity is requred. Feist Publications.

"Refactoring" is not reflected in the Law of the Land, but compilations and derivative works are. Pub. L. 94-553 [sed. 103], 90 Stat. 2541, 2544 (1976). It is only that portion of the 'refactoring' that is original to the author. Feist.

Copyleft-next and the kernel

Posted Jul 14, 2021 14:29 UTC (Wed) by rfontana (subscriber, #52677) [Link] (4 responses)

"Is someones patches in 2007 now also 'BSDish?' because the first distribution was 15 years before then? Or does 'My Work' mean every subsection written by different authors so end up with different lines aging out on different days? Or is 'My Work' each release of the kernel."

Of those 3 possibilities, the answer ought to be the second I think --- for a project consisting of multiple copyleft-next-licensed contributions over a period of time, the project consists of multiple "My Work"s, each transitioning from copyleft to non-copyleft on a different schedule. I would argue this is actually not different in the GPL (where, for a project like the kernel, there are multiple "Programs" with different initiation dates and different licensors), except that the transition would be dependent on the expiration of the vastly lengthier statutory term of copyright.

Copyleft-next and the kernel

Posted Jul 14, 2021 18:43 UTC (Wed) by mattdm (subscriber, #18) [Link] (1 responses)

As a non-legally person, that wasn't apparent to me at all, even though on reflection it makes more sense than my naïve assumption. Perhaps this could be made more obvious in a future version of the license?

Copyleft-next and the kernel

Posted Jul 14, 2021 20:05 UTC (Wed) by rfontana (subscriber, #52677) [Link]

Yes, I think it should be made clearer. The underlying concept is pretty simple.

Copyleft-next and the kernel

Posted Jul 14, 2021 21:21 UTC (Wed) by rgmoore (✭ supporter ✭, #75) [Link] (1 responses)

I don't think there's much practical difference between the second and third option. The logical interpretation of the license is that the 15 year wait for code to be available starts as soon as it's released, and re-releasing it doesn't somehow reset the waiting time*. In that case, you can always go back to the earliest release that has the code you want to copy as a basis for copying it. If the license applies to the software as a whole, it would also apply to each individual part, so you would be able to take whatever snippet you want. Similarly, if the license applies to each part, it should also apply to the whole.

As a practical matter, I think this kind of thing has real dangers that would make me leery of reusing the code from a project under this license. Yes, you're in no trouble if you copy the code verbatim. But what happens if there's a bug in the code you copied, and your patch for the bug happens to be the same as the way the original project fixed it and that code is still under copyleft? Your code is now a duplicate of copylefted code, and it doesn't matter legally if you arrived at the solution independently.

*IANAL, but I think that trying to reset the clock this way would be legally dicey even if that's what the license purported to do.

Copyleft-next and the kernel

Posted Jul 14, 2021 23:33 UTC (Wed) by NYKevin (subscriber, #129325) [Link]

> But what happens if there's a bug in the code you copied, and your patch for the bug happens to be the same as the way the original project fixed it and that code is still under copyleft? Your code is now a duplicate of copylefted code, and it doesn't matter legally if you arrived at the solution independently.

If you can convince a judge that your solution really was independent, and you didn't look at their solution, then it's unlikely to be copyright infringement under US law, because copyright infringement only happens when you do one of the things listed in 17 USC 106[1] without permission. "I came up with it independently" is not any one of those things. Of course, good luck proving that unless you're doing some kind of clean-room reimplementation. For larger and more complicated changes, you might be able to use intermediate Git commits as evidence of originality, so hopefully you're not one of those git squash people.

OTOH given that you really did come up with it independently, you may be able to argue that the similarity between your code and theirs is purely functional, and not subject to copyright protection in the first place.[2] This is especially likely to be the case for simple one-line bug fixes, where there's only one or two reasonable ways to fix it (e.g. "this loop is off by one, so switch the <= to <, or add/subtract one somewhere"). You might also raise a fair use, de minimis, or merger/scènes à faire defense, depending on the circumstances.

[1]: https://www.law.cornell.edu/uscode/text/17/106
[2]: See 17 USC 102(b): https://www.law.cornell.edu/uscode/text/17/102

Copyleft-next and the kernel

Posted Jul 14, 2021 21:13 UTC (Wed) by josh (subscriber, #17465) [Link] (2 responses)

I don't think copyright should last as long as it does. As long as it *does* last that long, though, I think copyleft should last just as long.

Copyleft-next and the kernel

Posted Jul 16, 2021 21:56 UTC (Fri) by marcH (subscriber, #57642) [Link] (1 responses)

Come on Josh, how come you never think about your future grand-grand-children when you write code? :-)

Copyleft-next and the kernel

Posted Jul 21, 2021 7:27 UTC (Wed) by Wol (subscriber, #4433) [Link]

Copyright should be short, and transition to trademark when it expires, if it's still of value. So Disney could protect Mickey with trademarks, and the rest of us get to access all that stuff that's old and worthless after 10 years (I don't know the figure, but the commercial value of most copyrights after that long is about £0.00).

Or just create a "register of extended copyrights" which it is the copyright holder's duty to keep up-to-date. If you don't keep your contact details up-to-date every, say, 5 years so that people can contact you for permission, it falls off the register and can't be put back.

Imho for personal copyrights at least term should be the greater of 25 years, life of author, or 120th birthday of author. That's not really a major change from what it is now. Commercial copyright is a bit more tricky ...

Cheers,
Wol

Copyleft-next and the kernel

Posted Jul 14, 2021 10:36 UTC (Wed) by flussence (guest, #85566) [Link]

Worth adding that this situation isn't new at all: anyone who used CRDA in the past *8* years (though it's been obsolete for most of that) is using wifi drivers dependent on copyleft-next code.