Advanced Guide

Understanding Copyleft Licenses: GPL, LGPL, and AGPL

Master copyleft licenses and their implications. Learn about GPL, LGPL, AGPL differences and how they affect your code.

8 min read
Last updated: Jan 10, 2024
Copyleft GPL LGPL AGPL

Table of Contents

What is Copyleft?

Copyleft is a method for making software free and requiring all modified and extended versions to be free as well. It uses copyright law to ensure software remains free, inverting copyright's traditional purpose of restricting distribution.

Understanding Copyleft Philosophy

The Four Freedoms

Copyleft licenses guarantee these essential freedoms:

  1. Freedom 0: Run the program for any purpose
  2. Freedom 1: Study and modify the source code
  3. Freedom 2: Redistribute copies
  4. Freedom 3: Distribute modified versions

Copyleft vs. Permissive

AspectCopyleft (GPL)Permissive (MIT)
PhilosophyFreedom preservationMaximum flexibility
Derivative worksMust be same licenseAny license allowed
Source disclosureRequiredOptional
Commercial useAllowed with sourceAllowed without source
Community benefitGuaranteedOptional

Major Copyleft Licenses

GPL (GNU General Public License)

GPL v2 (1991)

Key Features:
  • Most popular copyleft license
  • Used by Linux kernel
  • Binary distribution triggers obligations
  • Source must be provided with binaries
When Triggered: 

# Triggers GPL obligations
./configure && make && make install
cp binary /usr/bin/  # Distribution!

# Does NOT trigger (internal use)
./configure && make
./binary  # Internal use only

GPL v3 (2007)

Additional Protections:
  • Patent protection clauses
  • Anti-tivoization (anti-DRM)
  • Compatibility with Apache 2.0
  • International terminology
Tivoization Prevention: 

// GPL v3 prevents this:
if (verify_signature(binary) != OFFICIAL_SIGNATURE) {
    refuse_to_run();  // GPL v3 forbids this restriction
}

LGPL (Lesser GPL)

Designed for Libraries: 

// Dynamic linking - Usually OK
#include <lgpl_library.h>
dlopen("liblgpl.so", RTLD_LAZY);

// Static linking - Triggers LGPL
#include "lgpl_source.c"  // Now your code has obligations

Version Differences:
  • LGPL v2.1: Original library copyleft
  • LGPL v3: Includes GPL v3 protections

AGPL (Affero GPL)

Network Copyleft: 

// Regular GPL - No source obligation for SaaS
app.get('/api', (req, res) => {
    useGPLCode();  // No distribution, no obligation
});

// AGPL - Must provide source to network users!
app.get('/api', (req, res) => {
    useAGPLCode();  // Network use triggers obligations
});

// AGPL compliance
app.get('/source', (req, res) => {
    res.download('source-code.tar.gz');  // Required!
});

Weak vs. Strong Copyleft

Strong Copyleft (GPL, AGPL)

Characteristics:
  • Affects entire combined work
  • All derivatives must use same license
  • Maximum freedom preservation
Example Impact: 

# main.py (Your code)
import gpl_module  # Strong copyleft

class YourApp:  # Must be GPL now!
    def method(self):
        gpl_module.function()

Weak Copyleft (LGPL, MPL, EPL)

Characteristics:
  • Limited scope (file or library level)
  • Allows proprietary combinations
  • Balance between freedom and flexibility
MPL 2.0 (File-Level): 

// mpl-file.js (MPL 2.0) - Must stay open
export function mplFunction() {
    // Modifications must be shared
}

// your-file.js (Proprietary) - Can stay closed
import { mplFunction } from './mpl-file.js';

function proprietaryFunction() {
    mplFunction();  // OK to keep this file proprietary
}

EPL 2.0 (Module-Level): 

// EPL Module - Must stay open
package org.eclipse.eplmodule;

public class EPLClass {
    // Modifications must be shared
}

// Your Module - Can be proprietary
package com.yourcompany.proprietary;

import org.eclipse.eplmodule.EPLClass;

public class ProprietaryClass extends EPLClass {
    // Can remain proprietary if separate module
}

Copyleft Compatibility Matrix

Inter-License Compatibility

Your LicenseCan IncludeCannot IncludeSpecial Cases
GPL v2GPL v2, LGPL v2.1, MIT, BSDGPL v3, Apache 2.0, AGPL"or later" clause helps
GPL v3GPL v2+, GPL v3, LGPL v3, Apache 2.0GPL v2-only, AGPLCan combine with AGPL
AGPL v3GPL v3, LGPL v3, MIT, BSDGPL v2, proprietaryStrongest copyleft
LGPL v2.1Any (with conditions)-Dynamic linking usually OK
MPL 2.0Any at file boundary-File-level copyleft
AGPL and GPL v3 can be combined, result is AGPL

Upgrade Paths

graph LR
    MIT --> GPL2[GPL v2]
    MIT --> GPL3[GPL v3]
    MIT --> AGPL[AGPL v3]
    BSD --> GPL2
    BSD --> GPL3
    Apache2[Apache 2.0] --> GPL3
    GPL2 --> GPL3[GPL v3 if "or later"]
    GPL3 --> AGPL

Compliance Requirements

GPL Compliance Checklist

## Source Code Distribution

### Method 1: Accompany with Source
- [ ] Include complete source code
- [ ] Include build scripts
- [ ] Include installation instructions
- [ ] Match binary version exactly

### Method 2: Written Offer
- [ ] Valid for 3 years
- [ ] Available to any third party
- [ ] Nominal fee for physical media only
- [ ] Include contact information

### Method 3: Network Distribution
- [ ] Provide download link
- [ ] Same location as binary
- [ ] No additional barriers
- [ ] Equivalent access method

LGPL Compliance

# Required for LGPL compliance
provide_source_code()
enable_relinking()  # User must be able to relink
provide_object_files()  # If statically linked
preserve_lgpl_notices()
document_modifications()

AGPL Compliance

// server.js - AGPL compliance
app.use('/source', (req, res) => {
    // Must provide corresponding source
    const sourceArchive = generateSourceArchive({
        includeModifications: true,
        includeBuildScripts: true,
        includeDocumentation: true
    });

    res.download(sourceArchive);
});

// Display in UI
function AGPLNotice() {
    return (
        <footer>
            <a href="/source">
                Source code available (AGPL v3)
            </a>
        </footer>
    );
}

Working with Copyleft Code

Strategy 1: Embrace Copyleft

Project Structure:
  License: GPL v3
  Benefits:
    - Competitor improvements returned
    - Strong community contributions
    - No proprietary forks
  Examples:
    - Linux Kernel
    - GCC
    - GIMP

Strategy 2: Isolation Techniques

# Process Isolation
import subprocess

# GPL code in separate process
result = subprocess.run(['gpl-tool', '--process', data],
                       capture_output=True)
# Your code remains proprietary

# Service Isolation
import requests

# GPL service running separately
response = requests.post('http://gpl-service/api', json=data)
# No license contamination

Strategy 3: Dual Licensing

// Commercial license for paying customers
if (customer.hasPaid()) {
    return commercialLicense;
}

// GPL for open source users
return GPLv3License;

Common Misconceptions

Myth: "GPL Prohibits Commercial Use"

Truth: GPL explicitly allows commercial use and selling 

# Totally legal under GPL
sell_gpl_software() {
    price="$500"
    provide_source_code="yes"
    offer_support="optional"
}

Myth: "LGPL is Safe for Proprietary Use"

Truth: Still has requirements, especially for static linking 

// Dynamic linking - Generally OK
void* lib = dlopen("lgpl.so", RTLD_LAZY);

// Static linking - Obligations!
#include "lgpl_library.c"  // Must enable relinking

Myth: "Internal Use Triggers Copyleft"

Truth: Only distribution triggers obligations 

# No obligations - Internal use
def internal_system():
    use_gpl_code()  # No distribution, no obligations

# Obligations triggered - Distribution
def distributed_product():
    use_gpl_code()  # Must provide source

Copyleft in Different Contexts

Open Source Projects

Benefits:
  • Ensures contributions return
  • Prevents embrace-extend-extinguish
  • Builds collaborative community
Challenges:
  • May limit commercial adoption
  • Requires careful dependency management
  • Legal complexity

Commercial Products

When Viable: 

# Dual licensing model
if use_case == "open_source":
    license = "GPL"
elif use_case == "commercial":
    license = "Proprietary"  # For fee

# Service model (AGPL doesn't affect)
if deployment == "internal_service":
    agpl_ok = True  # Provide source via API

Academic/Research

Advantages:
  • Ensures research remains open
  • Promotes collaboration
  • Prevents proprietary capture
Considerations:
  • May conflict with commercialization goals
  • University policies vary
  • Grant requirements

Enforcement Mechanisms

## Copyleft Enforcement Process

1. **Discovery**
   - Community reports
   - Compliance testing
   - Market monitoring

2. **Notification**
   - Private contact
   - Compliance opportunity
   - Documentation request

3. **Resolution**
   - Source code release
   - Compliance plan
   - Ongoing monitoring

4. **Legal Action** (Last Resort)
   - Cease and desist
   - Litigation
   - Injunction

Notable Enforcement Cases

CaseOutcomeImpact
BusyBox/GPLMultiple settlementsEstablished GPL enforceability
Oracle v. GoogleFair use rulingAPI copyrightability
VMware/LinuxOngoingKernel module boundaries
Artifex v. HancomSettlementAGPL enforcement

Best Practices

For Copyleft Projects

## Copyleft Project Best Practices

1. **Clear Documentation**
   - LICENSE file in root
   - COPYING for GPL tradition
   - README with license section

2. **Contributor Agreement**
   - CLA or DCO
   - Clear contribution terms
   - Patent grants if applicable

3. **Compliance Help**
   - HOW-TO-COMPLY.md
   - Build instructions
   - Contact information

For Using Copyleft Code

Compliance Process:
  1. Inventory:
     - List all copyleft dependencies
     - Track versions
     - Note modifications

  2. Analysis:
     - Determine obligations
     - Check compatibility
     - Identify boundaries

  3. Implementation:
     - Source provision mechanism
     - Attribution requirements
     - Build reproducibility

  4. Verification:
     - Regular audits
     - Automated checking
     - Legal review

Tools and Resources

License Analysis Tools

# Scan for copyleft licenses
scancode --license --copyleft project/

# Check GPL compliance
gpl-compliance-checker --strict

# SPDX generation with copyleft flags
spdx-sbom --flag-copyleft --output sbom.spdx

Compliance Automation

# compliance_check.py
import license_checker

def check_copyleft_compliance(project_path):
    """Automated copyleft compliance verification"""

    licenses = license_checker.scan(project_path)

    copyleft_licenses = [
        'GPL-2.0', 'GPL-3.0', 'AGPL-3.0',
        'LGPL-2.1', 'LGPL-3.0', 'MPL-2.0'
    ]

    issues = []
    for package, license in licenses.items():
        if license in copyleft_licenses:
            if not has_source_provision(package):
                issues.append(f"{package}: Missing source provision")
            if not has_attribution(package):
                issues.append(f"{package}: Missing attribution")

    return issues

Conclusion

Copyleft licenses are powerful tools for preserving software freedom. They're not anti-commercial but rather pro-freedom, ensuring that improvements benefit everyone. Whether you choose copyleft depends on your goals:

  • Use copyleft to ensure freedoms and community benefit
  • Avoid copyleft if you need proprietary flexibility
  • Understand obligations before using copyleft code
  • Respect the philosophy behind the license choice

Remember: Copyleft is about preserving freedom, not preventing commerce. Many successful businesses thrive with copyleft software.