I can’t tell you how many times I have heard people predict the death of open source software over the years. Each time some new tech trend arrives–crypto, source available licensing, SaaS–people predict the death of open source. Lately, people have been predicting the death of open source because of AI code generation, and while some of the facts they cite are undeniable, their conclusions are not supportable.
This week, many people sent me the link to the Malus “Clean Room as a Service” announcement. I don’t think I’ve ever had so many people send me a single link. Now, this website is fake, but you have to wade into it a bit to figure that out. No real company would be foolish enough to represent anything as “legally distinct,” for example. The name “Malus” suggests a bad actor, and I guess it’s a pun on Manus, a popular AI agent. So, it seems site is a troll.
(And to the trademark lawyers: Gentlemen, start your engines.)
The Malus post says:
Finally, liberation from open source license obligations. Our proprietary AI robots independently recreate any open source project from scratch. The result? Legally distinct code with corporate-friendly licensing. No attribution. No copyleft. No problems.
The implication is clear: AI coding agents are bad actors that are killing free software.
I wrote about the AI use case of clean room development nearly a year ago. I didn’t cast it as a catastrophic prediction of the death of open source, so no one got excited. But it’s interesting to look beyond the political theater and analyze what is really going on here.
Copyleft Has Died Many Deaths
There are two kinds of open source licenses–the permissive and the copyleft. Permissive licenses don’t require you to do much, so nobody would ever bother re-engineering software that is available under a permissive license. Ergo, the Malus website is about copyleft. Copyleft licenses require you to share source code when you share binaries. Copyleft licenses like GPL were the original free software licenses, and were extremely popular in the early days of the free software movement.
The death of copyleft has been predicted for a long time, and in fact it is already dying. Copyleft as a licensing paradigm has been experiencing a steady decline over the past two decades. This is because of licensor choice, not an international conspiracy to kill copyleft. Over time, more and more software has been released under permissive licenses instead. The software under permissive licenses has become more and more important in computing. All that happened long before the advent of AI coding.
Why did it happen? In a way, copyleft became a victim of its own success. Back in the late 1990s, copyleft was a catalyst. The only way to get large organizations to collaborate on developing software was by forcing them to do so with a legal mechanism. That mechanism was GPL. It compelled them to share their source code, under threat of copyright infringement lawsuits. Before the early 2000s, large technology organizations would never have voluntarily shared their improvements, rather than keeping their improvements secret and proprietary. But over time, technology companies learned the value of collaboration. As developers decided to voluntarily share their improvements over time, the legal threat of GPL became an artifact.
The truth, I think, is that we’ve been living in a post-copyleft world for quite a while. Copyleft licenses are expensive and difficult to enforce, and in fact are rarely enforced. Almost all enforcement in the open source world is done via moral suasion and education about the benefits of collaboration.
“We view legal action as a last resort, to be initiated only when other community efforts have failed to resolve the problem.”–From the Linux kernel enforcement statement, which was signed by over 100 major kernel contributors.
Overall, voluntary collaboration has worked extraordinarily well; open source software is ubiquitous. Proprietary software, in this sense, is like cigarettes. In the 1960s, smokers were everywhere and smoking was cool. Now, smoking is considered trashy. That was a huge shift in attitude. And yes, there were laws that supported that change: workplaces and public buildings became non-smoking. But that wasn’t what make the change so successful. It was a collective realization that smoking was a really bad idea.
Similarly, there was a flurry of enforcement of GPL in the 1990s and early 2000s, but then it tailed off. Simultaneously, the Linux Foundation grew into a $300 million-a-year organization, with all the world’s biggest companies supporting collaborative development. We are now so accustomed to that “new normal” that we have have forgotten what a sea change it represents. That sea change didn’t happen because these companies feared the legal might of GPL. It happened because they figured out that it made more sense to collaborate on infrastructure than to individually re-invent the wheel.
Some free software advocates argue there’s a great deal of noncompliance for copyleft licenses. That’s true, but that doesn’t mean open source is not working. It just means it’s not working perfectly–and nothing works perfectly. In fact, today, compliance with open source licenses is better than it ever has been. It took many years for the culture of compliance to permeate the industry. It did so because open source devotees grew their ranks in private industry, and because license compliance goes hand-in-hand with security management. Meanwhile, the killer app for copyleft, the Linux kernel, is extraordinarily successful–to the point that it has eclipsed all other operating systems. And open source now runs everything.
Don’t Embarrass Yourself by Celebrating the Opportunity to Fork
The Manus hoax imagines developers celebrating their freedom from open source license requirements. Let’s take an extreme case for illustrative purposes. Imagine a fictional developer who is faced with the task of developing an operating system for an embedded system. Most developers would start with the Linux kernel. It’s freely available, it’s high-quality, and there are lots of engineers in the talent pool who are familiar with it. That reduces the developer’s cost in important ways. Easier recruiting. Less debugging. Community support. Better security.
But it’s licensed under GPL, and GPL has requirements.
Now, suppose this developer decides that it needs to keep its customizations proprietary–which would violate GPL. So it does a clean room implementation of the Linux kernel using an AI coding tool. Would that be a good idea?
Seriously?
That would be a terrible idea. Once you reimplement in order to avoid the license, you have essentially created your own fork of the project. Everyone knows it’s a terrible idea to create custom forks of open source projects. Your maintenance cost increase. Your security costs increase. Your talent recruitment and training costs increase. You have earned yourself a mountain of technical debt. The Linux Foundation recently released a timely report estimating the technical debt for maintaining private forks to “an average of 5,160 labor hours, or $258,000, per release cycle.” That’s a lot of expense.
Only ignorant and sub-optimizing tech managers–or maybe tech investors–would think it’s a good idea to incur those kind of costs in order to “protect” their IP. These are the same people who sit in board meetings parroting fears about IP value instead of figuring out how to build good products. They have the mindset of patent trolls, not innovators. No self-respecting developer would fall for this thinking error.
Copyleft is not dead–at least, no deader than it already was. Forking projects is too costly, and complying with open source licenses is too easy. Yes, there will be scofflaws and there will be those who want to re-invent the wheel in order to hold onto their perceived IP advantage, but they can travel their own path, and see their businesses struggle as a result. The rest of us will be whistling as we keep traveling on on the open source road.
What Truly Dies Without Copyleft?
There is one thing that truly is threatened by the putative death of copyleft, and that is the pure dual licensing business model.
Dual licensing, which was pioneered by MySQL in the 1990s, is a business model where you release something under GPL, then sell alternative licenses to those who can’t comply. In the open source world, this is sometimes referred to as selling exceptions. It only works when the project steward has the right to choose alternative licenses, either because it owns all the copyright in the project, or uses contribution licenses to clear rights in outside contributions.
In fact, true dual licensing has become quite rare in the last decade. Almost all businesses today that use the threat of GPL enforcement are owned by private equity, and the others who build businesses around open source have morphed into open core models. Open core provides a core of open source software for free, then sells enterprise features like compliance certifications, collaboration features, managed SaaS, or SSO. And almost all these businesses use permissive licenses, not copyleft licenses. So, the death of copyleft is not even a blip to them.
A Post Copyright/left World
Taking the long view, AI coding might mean that we are in a post-copyright world. But copyright was always an awkward fit for software. Copyright protects expression, not function, and the value of software is that it is functional, not beautiful.
It was always possible to clean-room software to avoid its copyright. It just used to be labor-intensive, and now it’s not. But I invite you to consider that this is not such a bad thing. Software now needs to prove its value proposition the way other products do, rather than via threats of IP infringement.
And the threats have been a drag on software development. The last few decades have seen developers spend millions of dollars on open source compliance, down to the level of trying to ferret out 5-line snippets from Stack Overflow in their code. Who really benefitted from that, other than Black Duck? The Malus site says that companies doing development “spend millions on software composition analysis tools like Snyk and Black Duck.”–and that is entirely true. This is what the legal threat of copyleft bought us: decades of unnecessary remediation and negotiating draconian open source terms in deals to allocate the risk for a specter of copyleft enforcement.
This waste of energy came from over-emphasis on threats of enforcement, which, over the years, came to be a goal itself, instead of a way to educate developers on the benefits of collaboration. Over time, the free software community seemed to convince itself that GPL as a legal weapon is the goal of free software, not just a tool to support open development models. Proprietary software developers and free software advocates alike have sown Fear, Uncertainty and Doubt (FUD), and derailed what should have been the lesson of the open source movement: that collaboration produces better code.
People love open source software not because it’s free, but because it is open. That openness brings all sorts of benefits. Fear of lawsuits has skewed the discussion toward the cost of acquisition: Is it better to buy proprietary software or incur the cost of GPL compliance? But the much more interesting conversation is about the benefits, and the benefits of open source software have proven themselves, so repeatedly and decisively that they hardly bear explaining anymore.
Death, or Afterlife?
I find it curious that people seem to enjoy constantly predicting the death of all good things. Anyone who reads the news today can’t help but be appalled by the predictions of apocalypse that bombard us at every turn, all to garner clicks and views and waste our day with doomscrolling. It’s a shame that so much of our society today is about generating fear via misinformation. It’s also a danger, because focusing on doom derails the conversation from the right focus–like how can AI help generate and refine software so we can do more and better things with it. We will accomplish nothing with visions of HAL 9000 dancing in our heads.
It is not so easy to kill something like open source. Free and open paradigms are self-actuating. The invisible hand of the market makes them so. Too many people benefit from these paradigms to let them die, and humans are very clever at protecting what works for them.
Copyleft will survive, to the extent it deserves to survive, and open source is stronger than ever.
