On Thu, 9 Jul 2026 10:25:54 +0100
Steve George <[email protected]> wrote:

> I don't think I follow _how_ you think the situation will have
> changed Denis?
> 
> From what I can see:
> 
> - Before LLMs
>     - some code in the archive has copyright, some does not
> - After LLMs
>     - some code in the archive has copyright, some does not

I agree with that but it was not my point at all.

- Without LLMs: 
  Commits were made by people or tools and most of it was legal
  and re-distributable because:

  (1) Generally speaking people did the work, even if we had no
      Developers Certificate of Onwership. They wouldn't (massively)
      copy code from sources under incompatible licenses / leaked code,
      etc.

      Note that Linux didn't even bother to review patches without
      signed-off-by and not having that is a complete no-go.

  (2) What was copyrightable *didn't matter* unless we were trying to
      enforce the GPL in a lawsuit.

And here I'm not concerned about the GPL or copyleft. It is important
indeed but there are priorities.

And here my #1 priority is to keep Guix legal to be able to continue
using it as a dependency for GNU Boot, to enable the Chipflasher project
to still use it, etc. My #2 priority is to keep it free but that's not
what is discussed here.

Code/data generated by LLMs can come from projects under incompatible
licenses (like the CDDL, the BSD license that is incompatible with the
GPLv3, random code without license found on blog posts, etc).

According to conservancy leaked code could also make it in but this is
less likely.

So my concern here is that anything generated by an LLM could be
illegal, but if the code is not copyrightable we should be safe.

The problem is that it's hard to know for sure what is copyrightable or
not because:

(a) We were not used to do it before because *it didn't matter* for
    regular contributions, and we had lawyers for GPL enforcement.

(b) Courts had a hard time to distinguish that. So this is why we
    typically enforced on the work as a whole.

So here I just don't want to take this huge risk because I really do
care about Guix as long as it stays legal and fully free and I have
invested a countless amount of time in GNU Boot which depends on Guix.

And note that I was also attacked in the press and so on for that and I
even got as far as having panic attacks at some point due to how hard I
worked on it, so I would be *extremely* enraged to have all my work go
away just like that, just because people *cannot wait a few months* to
take a decision *in good conditions*.

Note that before, nobody took such crazy legal risks. Why should we take
them now?

Do you remember IBM vs SCO? Do you know what happened to ReactOS? Do you
know that mirrors of some distributions already had legal issues with
software patents in the past? That a person was ruined because the
judge messed up in the case of neo4j? All that is real.

You might want to individually take risks like that, but it's your
choice and your problem and that's not what is discussed here.

But for instance would you agree to personally sign legal documents
where you agree take all the legal risks related to LLMs in Guix in all
jurisdictions, and we'd make sure that these documents are enforceable
no matter what (by making sure that the agreement cannot be made
invalid and so on)?

If the answer is no, that might show you in practice how some
people like me feel, what solidarity means (not everybody has the same
risks, if you agree people may take advantage of that for instance, by
doing the riskiest things), and why we do care about that stuff.

What is discussed here is the risks for the project, for the people
reusing it, redistributing it (in a matter of fact I also do that), the
ability for research institutions to trust it, the ability for
companies that contribute to it to not have big legal risks (given how
small they are they may not even have access to copyright lawyers), etc.

A lawyer would know the risks better but this discussion is completely
absurd because we have to discuss and decide without even being
informed. So it would be an uninformed decision whatever is taken.

Lawyers as professional *are useful* and that in the past they manage
to distill the essential in the FLOSS communities, especially for the
people maintaining projects, reviewing patches, etc. The same goes for
may professions like doctors, etc.

But lawyers didn't have the time to do it for LLMs, but guess what, GNU
is working on exactly that. Conservancy might also publish things at
some point.

So the question is also if this mess can still be called consensus? What
happens when the decision is taken, do the project split? Is there a
war after that?

And note that here we are only arguing about waiting a few month, not
about banning LLMs, and GNU will publish guidelines at some point, and
these guidelines *will allow LLMs*, so that guarantee that we won't
forget about it.

And here GNU rules *are binding* and there was no GCD to leave GNU.
And so right now the use of LLMs for code/data is forbidden.

But if we wait:

- GNU will publish their rules and that could convince *more people* to
  allow LLMs. Here I would absolutely vote against this GCD because it
  does allow LLMs in ways where we can't predict the consequences (no
  lawyers were involved).

- We don't know if Guix would automatically allow LLMs or not because
  again there was no GCD to leave GNU so the GNU rules are binding, so
  at some point the rule to wait will go away and be replaced by
  GNU guidelines on LLM usage.

  Though it's also hard to know as the rules could also be guidelines
  for projects and conservancy leans more on having contributors assume
  that it's not-allowed by default, and declaring that they use LLMs
  etc.

> I don't think there's any circumstance where we'd have to rip out LLM
> code from the archive.

First it's not binary. Many people choose to depend on Debian because
it is legally clean. They do extensive licensing audit and so on. This
is also why there are so many derivatives, that makes it easy and low
risk for people.

And the risk can change overnight because of a court decision. It
did at the time of SCO vs IBM even without a court decision. If that
happens people would probably have to stop working on Guix
professionally etc.

And if for some reasons we need to remove code made by LLMs because we
were directly bitten by it already and that the risk of being bitten
again is just not acceptable, it might turn to be too complicated to do
and we'd probably have discussions way worse than these.

At that point it could be game-over for Guix and all the projects and
people that depend on it. So let's hope that this never happens.

Note that copyright-trolls do exist. LLMs and/or other tools also are
probably able to detect code copied from one project to another.

And again not everybody has the same risks. Go leak some Windows source
code and make sure it stays available and see what happens. And also see
what happens when Microsoft violates the GPL (HyperV).

And as far as I understand LLMs didn't make copyright disappear yet.

But again I'm not a lawyer and I have to discuss legal stuff, I really
really really don't like that.

And here I'm not telling I know all the truth, quite the opposite. I'm
just asking that we just make sure to:

(1) Make the decision process taking right. Like not bundle in hidden
    thing in the GCD.

(2) Take the decision with the right information.

That's not a lot to ask. And all that is crucial to reduce infighting.
Not doing both is a recipe for disaster.

And this isn't a game, people's live depend on Guix now. Several people
are employed to work on Guix.

I personally also have a huge stake in the outcome as well as I spent a
huge amount of resources on GNU Boot.

So given the right conditions, people *can* take the right decision for
the project.

Given the wrong conditions, everything is possible, things could go
completely out of control, etc...

I didn't follow all the discussions so maybe that's already what is
happening?

> Even if we accepted LLM code the majority of our code would be
> human generated for a long time to come, which would mean we'd still
> retain copyright overall [0].

This is not my concern at all here. My concern is to make it possible to
continue redistributing Guix and depending on it.

The issue of if the whole is copyleft or not is another issue and given
the debates I would rather insist on the *extreme bare minimum* so that
I could continue to depend on Guix no matter what is chosen.

Though note that copyleft also provides many legal protections. For
instance a security fix has to be compatible with the GPLv3 here and
that protects us, especially with regulations like the CRA in Europe.

But the debates conditions here are not good. So I guess it would favor
the extremes, and pressuring people, and a lot of bad things.

I've seen this happen already in other contexts. And I don't want that.

Am I the only one? Can we stand up for good debates conditions? What's
the online equivalent of a protest by the (silent?) majority?

Are other people not OK with how the discussions are going right now?

> The reality is that even when the FSF eventually releases a policy,
> it will be base on the USA jurisdiction, and it will just be an
> "opinion" by them. We won't know if their opinion is right, or right
> in all circumstances for many years. It will take many rulings in
> court around the world to figure out the the precise details of
> copyright and automation (LLMs).

That's a huge assumption and the GPLv3 has been internationalized for
instance so that doesn't match everything that GNU or the FSF does. And
I would assume that for something this important they do take into
account the wider context than just USA.

And who knows, the FSF and/or GNU may not even stay in the USA in the
long run, I guess it depends on how the political situation evolves
there.

> I'm not sure that copyright is a good pillar to lean on for the
> project being pro/anti-LLM.

That's not the point *at all* here. Copyright is important and for me
it's way more important than the issue of LLMs.

And note that I can agree to many things, including the inclusion of
code/data generated by LLMs as long as the legal risk is low, the fact
that Guix leaves GNU (Trisquel isn't GNU).

But I am the co-maintainer of GNU Boot and Guix is a hard dependency of
GNU Boot. I just don't want to depend on something that is legally ultra
risky. The Chipflasher which we also depend on is made by a business.

It cannot afford lawyers. And here the person behind it also did
countless sacrifices for that. And that project is extremely intertwined
with Guix (like you cannot even easily package the software in other
distributions without a *huge* amount of work). I cannot afford lawyers
either.

Should I start telling people that there is a problem and that they
should stop depending on Guix? Some of them would be outraged as well.

But right now as the policy is I would rather vote against LLMs rather
than having to stop working on GNU Boot. And here I would definitely not
go quietly, and I'm probably not the only project affected.

But if you really do want LLMs, please wait a bit. It would also be
less painful than dealing with the mess we have now.

Denis.

Attachment: pgpfBsYgCVLpj.pgp
Description: OpenPGP digital signature

Reply via email to