This does nothing to shield Linux from responsibility for infringing code.
This is essentially like a retail store saying the supplier is responsible for eliminating all traces of THC from their hemp when they know that isn’t a reasonable request to make.
It’s a foreseeable consequence. You don’t get to grant yourself immunity from liability like this.
Shield from what exactly? The Linux kernel is not a legal entity. It's a collection of contributions from various contributors. There is the Linux Foundation but they do not own Linux.
If Linux were to contain third-party copyrighted code, the legal entity at risk of being sued would be... Linux users, which, given how widely Linux is deployed, is basically everyone on Earth, including all large companies.
Linux development is funded by large companies with big legal departments. It's safe to say that nobody is going to be picking this legal fight any time soon.
The Linux DCO system was designed to shield Linus and the Linux Foundation from copyright and patent infringement liability, so they were certainly worried that it was a possibility.
However, there is no legal precedent that says that because contributors sign a DCO and retain copyright, the Linux Foundation is not liable. The entire concept is unproven.
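For reference, the DCO "signature" in question is just a per-commit trailer that git appends when you pass `-s`. A minimal sketch (the repo path and author name here are illustrative, not from the thread):

```shell
# Set up a throwaway repo for demonstration
mkdir -p /tmp/dco-demo && cd /tmp/dco-demo
git init -q .
git config user.name "Jane Dev"
git config user.email "jane@example.com"

echo "hello" > file.txt
git add file.txt

# -s (--signoff) appends a Signed-off-by trailer, which under the DCO
# certifies the contributor has the right to submit the code
git commit -q -s -m "Add file"

# The commit message now ends with a line like:
#   Signed-off-by: Jane Dev <jane@example.com>
git log -1 --format=%B
```

The point being that the sign-off is an assertion by the human contributor, with no technical verification behind it.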
Large company legal departments aren’t a shield against this kind of thing. Patent trolls routinely go after huge companies and smaller companies routinely sue much larger ones over copyright infringement.
An open-source project receiving open-source contributions from (often anonymous) volunteers is not even close to analogous to a storefront selling products with a consumer guarantee they are backing on the basis of their supply chain.
Do you think that Goodwill should be able to offload all liability for everything they sell at their thrift shops to their often anonymous donors?
Linus makes $1.5 million per year from the Linux Foundation. And the foundation itself pulls in $300 million a year in revenue.
They are directly benefiting from contributors and if they cause harm through their actions there’s a good chance they’ll be held liable.
Quite a lot of companies use and release AI written code, are they all liable?
1. Almost definitely if discovered
2. Infringement in closed source code isn’t as likely to be discovered
3. OpenAI's and Anthropic's enterprise agreements indemnify companies (essentially, pay for damages) over copyright issues.
What would be "discovered" exactly? You can't patent a basic CRUD application.
There has to be an analogy to music or something here - except that code is even less copyrightable than melodies.
Yes, there might be some specific algorithms that are patented, but the average programmer won't be implementing any of those from scratch, they'll use libraries anyway.
I’m not talking patents. Code is 100% copyrightable.
Code being copyrightable is the entire basis for open source licenses.
s/patent/copyright/ in my comment then.
What part of a bog-standard HTTP API can be copyrighted? Parsing the POST request or processing it or shoving it to storage? I'm genuinely confused here and not just being an ass.
There are unique algorithms for things like media compression etc, I understand copyrighting those.
But for the vast majority of software, is there any realistic threat of hitting code that's so unique it's protected by copyright and can be identified as such? There are only so many ways you can do a specific common thing.
I kinda think of it like music: without ever hearing a specific song, you might hit the same chord progressions by accident, because in reality there are only so many combinations of notes that sound good.
Yep, and honestly it's going to come up with things other than lawsuits.
I've worked at a company that was asked as part of a merger to scan for code copied from open source. That ended up being a major issue for the merger. People had copied various C headers around in odd places, and indeed stolen an odd bit of telnet code. We had to go clean it up.
Headers are normally fine. The GPL recognises that you might need them to read binary files.
> This does nothing to shield Linux from responsibility for infringing code.
It’s no worse than non-AI assisted code.
I could easily copy-paste proprietary code, sign my name attesting that it's not proprietary and that it complies with the GPL, and submit it.
At the end of the day, it just comes down to a lying human.
That’s the difference. In practice a human has to commit fraud to do this.
But a human just using an LLM to generate code will do it accidentally. The difference is that regurgitation of training text is a documented failure mode of LLMs.
And there’s no way for the human using it to be aware it’s happening.
You cannot accidentally sign your name saying "this code is GPL compliant".
If you can’t be sure, don’t sign.
Yes, but if you do that manually you are acting in bad faith; if you ask an AI to do it, you have no idea whether you are going to be liable for something or not.