Dealing with Incomplete Copyleft Source That Doesn't Correspond - Conservancy Blog - Software Freedom Conservancy
Get the latest update on our Vizio court case
Close navigation menu
Home / News / Blog
Dealing with Incomplete Copyleft Source That Doesn't Correspond
by Bradley M. Kühn<br>on May 17, 2026
Years ago, copyleft violations were often a mere misunderstanding;<br>vendors intended to comply but made mistakes. In those “before times”, a<br>simple request and short discussion often led to the complete, Corresponding<br>Source (“CCS”) for the the distributed binary<br>works (or, in the case of network-service copyleft, the deployed<br>systems).
Today, nearly all copyleft violations are done with forethought (and<br>frequently nefarious) intent. As such, the most common form of violation is not what<br>we call “no-source-or-offer” or even “offer-fail”,<br>but rather “incomplete-ccs”. That last form of violation<br>is unforunately most complicated to resolve.
An “incomplete-ccs” violation means that the vendor has<br>released some subset of required copylefted materials, but has purposely<br>held back some necessary parts. For example, vendors sometimes provide byte-for-byte upstream source versions (absent their own<br>changes entirely). Upstream sources obviously lack<br>the vendors' “scripts used to control compilation and installation of the<br>executable”. Even when some scripts are included, they are often not the<br>actual scripts used to compile and install, but instead they're an alternative, incomplete<br>version — often created specifically to thrwart efforts to recompile and install.<br>Occasionally, vendors also withhold source code for some key<br>modules, libraries, or other components governed by the copyleft license.<br>Unsurprisingly — in general — vendors withhold the most interesting<br>and most difficult to reimplement parts of the complete,<br>Corresponding Source. Users are left with mere pieces of what the license<br>agreement promises; users have immense difficulty reproducing the build and installing it. In network-service copyleft licenses (like<br>the<br>AGPLv3),<br>users further struggle to properly deploy the service for self-hosting<br>— a right that AGPLv3 guarantees.
These incomplete<br>CCS<br>“candidates” often exhibit “truthiness”. (Stephen<br>Colbert wittily dubbed “truthiness” to refer to false or<br>misleading material that appears to have the quality of truth at<br>first glance — just enough that most won't bother to<br>“trust but verify”.) When we enforce copyleft licenses in “incomplete-ccs” scenarios, we<br>face a protracted argument with most vendors who insist —<br>usually for some seemingly plausible but actually altogether specious<br>reason — that the previous CCS candidate that they provided truly is<br>complete and Corresponding Source. The average number of<br>“rounds” of incompleteness reports that we send until<br>reaching actual, valid CCS is approximately fifteen (on average).
We have spent many years pondering and refining advice for the users and<br>consumers of these products. The users face the worst conundrum here: they<br>sit confused with a copylefted binary and/or object code —<br>yet they cannot effectively exercise their own rights under<br>copyleft nor can they redistribute any object code to<br>anyone else until they have proper CCS.
Fortunately, all is not lost. Here are a few simple facts (which apply to<br>all known copyleft licenses — including the<br>AGPL,<br>LGPL,<br>GPL,<br>and copyleft-next):
Redistribution of pure source code is always<br>permitted.
For example,<br>AGPLv3§1<br>states You may make, run and propagate covered works that you do not<br>convey, without conditions … a "covered work" [is defined as]<br>either the unmodified Program or a work based on the Program.<br>AGPLv3§4 goes on to state: [y]ou may convey verbatim copies of the<br>Program's source code as you receive it, in any medium.<br>AGPLv3§5 grants that you may convey a work based on the Program, or<br>the modifications to produce it from the Program, in the form of source<br>code under the terms of section 4. The list of requirements you must<br>meet when doing so under AGPLv3§5 are easy. (Summarizing AGPLv3§5(a-d): they<br>require that you add/maintain certain required textual notices,<br>and outbound-license the whole Covered Work under AGPLv3 itself.)
In short, there's no need to think twice if all you're doing is redistributing a<br>copylefted work in pure Source Code form.
Running and deploying binaries — even those lacking CCS<br>— on your own computer is always permitted .
This License explicitly affirms your unlimited permission to run<br>the unmodified Program … You may make, run and propagate covered<br>works that you do not convey, without conditions (AGPLv3§2). Other copyleft licenses have similar language.
Do take care not to give someone else direct access to the machine<br>where you do this, and firewall the system so only you can access it...