Hi, I managed to get there and I asked several questions.
Below is my subjective summary of the meeting. I've added conservancy in the CC in case they find this summary useful, as I wasn't able to do that while trying to follow the meeting at the same time. At some point somebody (not me) suggested to separate the legal concerns from the ethical concerns in conservancy recommendations[1], and I think it would be a good idea to do that in the Guix policy proposal about LLMs as well. At some point I asked: > The risk of having LLM output be under a license incompatible with the > FLOSS project (like nonfree code generated included in GPLv2+ > codebase) is not often talked about, why is that? I also asked about the case where the LLM output produces code under a copyleft license that is incompatible with the one used by the project. An example (not mentioned in the meeting) would be the CDDL and the GPLv2(+?) which become incompatible when compiled. And I was told that it was unlikely that the training data contained nonfree code unless it was leaked (as I understand people do post leaked source code on Github from time to time, and they told that Github (most likely?) didn't train on nonfree software like the nonfree Microsoft Windows source code for instance), so the most likely situation was to combine code under incompatible copyleft license, and in that case they were welcoming lawsuits. According to them 2 cases could happen: - Or the output can be copyrighted by the prompt author, and in this case we could probably use LLMs to produce features similar to nonfree software (like use an LLM to make Libreoffice complete enough to completely replace Microsoft Office) and copyleft the result. - Or the output has the license of the training data, and in this case the companies producing nonfree LLM models would have a huge legal issue (I don't remember why. Maybe it's because it invalidates their business model, or maybe they have to publish it all under copyleft licenses like the GPL, or it would just become illegal). They also talked about the fact that before LLMs there were a lot of legal risks projects didn't really take into account or talk about it (example: code copied from Stack Overflow[2]), but that globally speaking, lawyers manage to educate FLOSS communities about the most common issues and this way avoid most of the risks. I then asked about other related risks: > Assuming that the output of the LLM can be copyrighted, have you > considered the risk of copyright trolls using LLMs to detect copyright > issues and shut down projects and/or the power imbalance between FLOSS > projects and big companies involved in LLMs, some of which are trying > to actively shut down FLOSS projects (example: F-Droid, reference: > https://f-droid.org/en/2025/09/29/google-developer-registration-decree.html). > Is there some assement of the risks that we could face in court here? > Or even risks of having terms of services modified later on to shut > some projects down? And as an answer, I was basically told that these risks were taken into account by people at Conservancy. This is also because the 1 hour of Q&A was ending at that point so the answer was kept very short. For the context, during the Q&A the legal information we got (like links to lawsuits) were about the US legal system. And as I understand, their most important recommendations go against LLMs (see for yourself in [1]), and they then try to see how to limit the damages if projects still use them. So my understanding is that there is still significant risks and/or uncertainty. They seem to also be motivated by the fact that employers force employees to use LLMs. They told that in a huge company the productivity was evaluated by LLM token count, and that before LLMs many employee managed to convince the companies to allow them to work on FLOSS for instance for one day a week. These concerns is also visible in their recommendations[1]. I also asked if the models being used to generate code could be used offline in a reproducible way, and the answer is currently no (they are not run on users computers but as SASS), so because of that Bradley Kuhn advocates for storing as much information as we can on how the LLM output was generated, in case we need crucial information on that later on. As for the feeling of this meeting, it was really nice as it wasn't confrontational at all and they was nothing pressuring people. Though I didn't manage to follow it all due to some disconnections at the beginning and also because of the heat wave (I was tired and I barely managed to prepare my questions and follow the answers to my own questions). At the end we also got a specific contact email address in case we have further questions (I've added them in CC). Also note that while I was allowed to post my notes and/or the meeting official notes on guix-devel, they asked participant to not share the meeting notes on social networks that are susceptible to trolling. References: ----------- [1]https://sfconservancy.org/llm-gen-ai/llm-backed-generative-ai-recommendations.html [2]They didn't talk about specifics at all on StackOverflow, but I did some research not so long ago, and if I recall it's possible to combine the CC-BY-SA 4.0 (stack overflow license) with GPL code (which version?) but that was complex to do (I didn't really understand how to do it in practice). In any case I personally document code when it is copied form StackOverflow and I also try to rewrite it unless it is in a canonical form which I assume is not copyrightable in at least the US jurisdiction as per the lawsuit between Oracle and Google on Java. Other laws might apply as well in other jurisdictions, like laws enabling student to use examples in programming books in projects they make if these projects aren't books. Denis.
pgpnTitKOOeOw.pgp
Description: OpenPGP digital signature
