What is copyleft?
Copyleft is the open-source licensing approach pioneered by Richard Stallman and the Free Software Foundation (FSF) in 1989 with the GNU General Public License (GPL). Copyleft uses copyright law to require that derivative works of copylefted software remain open source under the same licence — a “viral” mechanism that propagates source-code availability across the software supply chain. Copyleft contrasts with permissive licences (MIT, Apache, BSD) which allow proprietary modification and redistribution.
Copyleft licence families
- Strong copyleft (GPL v2, GPL v3, AGPL v3): any work that “links” or modifies GPL code must be licensed under GPL; AGPL extends to network use (SaaS).
- Weak copyleft (LGPL, MPL, EPL): copyleft applies only to direct modifications of the licensed file or library; allows proprietary code to link statically/dynamically.
- Strong network copyleft (AGPL v3): closes the “SaaS loophole” by extending source disclosure to users accessing modified code over a network — significant for hosted services.
Compliance obligations
- Source code availability: distribute source code with binary or provide written offer for 3 years.
- Same-licence redistribution: derivative works must use the same copyleft licence.
- Notice preservation: retain copyright notices and licence text in distributed code.
- Patent grant: GPLv3/AGPL include implicit patent grant — contributors cannot assert patents against users.
- Anti-tivoisation (GPLv3): hardware locks preventing user modification breach licence in consumer products.
Türk açık kaynak ekosistemi pratiği
Türk yazılım şirketleri (Pardus, Tübitak Açık Kaynak Grubu, Logo Yazılım) ve startup ekosistemi (Picus Security, Insider) açık kaynak hem tüketici hem katkıcı pozisyonundadır. Türk SaaS’lerin AGPL kodu kullanırken servis modeli (SaaS, on-premise) açık-kaynak yükümlülükleri doğrudan etkiler — özellikle AGPL kapsamındaki kod modifiye edildiyse, son kullanıcı erişim hakkına sahip olur. KVKK ve veri yerelleştirme gereksinimleri AGPL kodu içeren SaaS yapıları için ek kompleksite ekler.
Do: maintain open-source bill of materials (OSS BOM) for all dependencies; map licence obligations per software component; engage OSS compliance counsel before incorporating copyleft code into commercial products.
Don’t: assume “open source = free to use however” — copyleft compliance failures expose to litigation (Conservancy v. Vizio, BusyBox cases) and product recall risk.