Software Developer Liability

Xyne · 2009-05-09 17:39:26

Linux Journal: http://www.linuxjournal.com/content/sho … their-code
./: http://developers.slashdot.org/article. … 09/1339213

There are some insightful replies to the Linux Journal article.

What are your thoughts on this? Do you think this will affect open source developers? What about Red Hat and other such vendors?

Could this be yet another strategem by Debian to eliminate Drepper, who has now revealed himself to be the level 9 boss of FOSS?

Dieter@be · 2009-05-09 17:53:00

Most free software licenses I've met (and used) so far all have clauses in them that state something like "no warranty" so I don't really see the problem. I don't think they can really forbid people to release warranty-less code into the public domain, right?

Xyne · 2009-05-09 18:06:04

One of the ./ replies cites this passage from the GPL license (all versions):

GPL wrote:

THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW

That's quite clear. Even without the clause "to the extent permitted by applicable law", others have pointed out that licenses which violate existing laws are void, so any license that would seek to limit warranty would be disregarded. The general consensus among the Linux Journal replies seems to be that because there is no contract between most FOSS developers and those who use their software, they would not be liable.

Here's a good analogy concerning how this might be applied:

Paul Johnson wrote:

However the actual EU quote here suggests something much more limited. If I buy a door lock, for example, then UK consumer law says it should be "fit for the purpose", which is a long way from saying it should protect me from all potential burglary. If it gets picked, or the door gets knocked down, I don't get to sue the lock manufacturer for the costs of the burglary. At most I get my money back for the lock, and that only if it was clearly unfit for purpose (like if it can be opened with a screwdriver, or if it jams and won't open at all).

My current understanding is that you could only be held liable if you sell software for a specific use without that software being fit for that use. The potential problem lies in the wiggle room of determining fitness for a purpose. The system would rely on a technically competent legal system to determine whether a given piece of software could be reasonably expected to fulfil its purpose.

I wonder if that might lead to mandatory source disclosures.

Last edited by Xyne (2009-05-09 18:14:38)

genisis300 · 2009-05-09 19:19:15

i't will be interesting to see how this comes on.

I brought empire total war recently reinstalled vista on my laptop so that i could use it as i'm a fan of the Total war games. and it's a crock of crap. So many bugs that it's almost unplayable. they are slowly fixing it but it should have been working when it came out not 3-4months after.

If free-software can get around this with out many problems and if as suggested the prices for Software do Spike it could also be a welcome boost for projects such as Firefox and Openoffice. We might even see an increase in people writing open-source applications for the Windows enviroment. as the "shareware" market would most probably shrink alot.

i'd also be interseted in seeing what is deemed fit for purpose. would that mean windows would have to come up with a purpose other than to P*** you off?
between Vista and HP software it took nearly 2 hours to reinstall my laptop just for me to remove most the crap again. and i still don't use it because i can't think of anything construtive to-do with it (and my game doesn't work )

what about Anti-Virsues and Spyware tools. if i had Nortons on my pc and still managed to get infected by X virus would that mean that the product was at fault for not defending my pc as it was designed to-do

i can't really see how it would work it will most likely be to complex to maintain and to use as a consumer. Software companies are not going to change there practices overnight they will find away around this,

Last edited by genisis300 (2009-05-09 19:22:59)

peets · 2009-05-09 22:32:05

Sorry for upcoming politicalness. Consumer protection laws are dangerous. They allow consumers to be ignorant and teach them to trust vendors. How can you trust someone whose aim is to make money from you? If you depend on computers and software to the point where you want a warranty, shoudln't you be minimally technically proficient i.e. capable of informing yourself about your software on the intarwebs before purchasing it?

I don't think this could ever affect open source software. I could post source code on the net "for reference only", and too bad if someone downloaded it, compiled it and ran it. And Arch could host binary packages "for archival purposes only", and too bad if I went and downloaded it (without Arch's explicit consent) and ran it.

So I guess this law wouldn't affect me as a user, but might flood the courts with strange and difficult cases debating the extent of some developers' liability .

R00KIE · 2009-05-10 13:07:37

My understanding from what is written is that it is aimed mostly at payed software

There's no other industry where shoddy products are sold to a public that expects regular problems, and where consumers are the ones who have to learn how to fix them.

I guess sold is the main word here, in my opinion free and open source projects shouldn't be affected by this. It's just like a gift, you get it for free and it may not serve you any purpose but you can go to the person that offered it to you and say that it's no good to you and useless .... well, you can but it would be very rude XD.

On the other hand when you buy something, you do so because you expect that something to do what is advertised, like a car (as the example in the article) or a piece of consumer electronics, you expect it to work when you need, and you expect it to work as it should.

However this may not be as simple as this given that lately the legislators seem to have gone a bit postal

.:B:. · 2009-05-10 19:38:20

Rookie, I don't think you get what regular closed-source companies are 'selling'. For example, Microsoft doesn't sell you anything. They license you to use their software (and they can recall that license at any time, if you are abusing their trust). In a business environment code is traded indeed, but in a business to consumer environment, it's often licensing, and not real sale. You buy an anti-virus scanner, you get the right to use that software. You don't get to own the code.

If those idiots at the EU (I know, it's redundant right) are pushing for warranty (!) on software, that would be nice to improve overall reliability, I don't know if it is feasible (and how much that would drive up the price). There are way too many factors at play - the version of the software, the combination of the hardware it's running on, the operating system, the intelligence of the user handling it (lawsuits against a microwave manufacturer because the manual doesn't say 'don't put your cat in it', anyone?). If that brilliant idea gets pushed (and I think it will, given the desperate need of the European Parliament to prove to the general public they are worth the money the average European is spending on them), all hell will break loose - and the only viable commercial model will be Apple's: control your hardware, control your software. Microsoft will have to redeploy, and OSS... Well, I don't know about 'free' software that comes with a (paid) support contract, but there will be a *lot* of problems with that.

I think it's just another result of the wishful thinking of those that can make money just by talking and thinking - or pretending to think while just producing useless blatter with tax payer's money.

Disclaimer: IANAL and IANAD (I am not a developer).

R00KIE · 2009-05-10 21:43:15

Haaa yes, you are absolutely right about the licenses stuff.

My point was that you pay for it, although I must admit it's not exactly like buying a car now that you mention the license stuff .... maybe more like renting a car .... but you still expect it to work as intended and thats why you pay to use it after all. Of course that user stupidity can never be taken care of no matter how good the program is.

More reliability is most welcome for sure, and it can be achieved but that will make the products more expensive or less profitable and probably a bit harder to use, not that you need to be a rocket scientist to use them anyway.

Maybe the problem is that the trend seems to be to focus on making pretty and shinny interfaces and over simplify things that the average user should only want to poke with a long stick. Of course that leads to two situations, either things go as expected and the user is happy and believes to be a computer genius (this isn't completely bad as more people will be able to do more complicated things), or it goes wrong and the user not knowing anything about what is being done, and most times not reading the many warnings, gets mad at the company that sold him the license to use the software.

I still believe that projects like arch and many other great projects where you get something without having to pay anything will be "safe", at least I really hope that there is still some good sense left to make it so, otherwise it would be a complete nonsense .... but if our legislators (yes I live in the EU) decide that all software developers can be liable for the software they make available then like you say all hell will break loose and software developers will want to close the shop and go live elsewhere

As for free software with paid support .... very good point, in that case I guess the party providing the support would be liable for any problems, because you would be paying them to keep things working.

In the end I guess it's a bit like you say, they have to show something done at the end of the month .... just something so they can receive the tax payers money ... first that 3 strikes and no internet stuff which seems to be on hold now as some people there still seem to have some good sense, now this .... I just wonder who's pulling the strings on this one.

Like you, I'm not a lawyer or developer, just someone which prefers things that are easy to understand and make sense.

moljac024 · 2009-05-10 22:04:43

peets wrote:

Sorry for upcoming politicalness. Consumer protection laws are dangerous. They allow consumers to be ignorant and teach them to trust vendors. How can you trust someone whose aim is to make money from you? If you depend on computers and software to the point where you want a warranty, shoudln't you be minimally technically proficient i.e. capable of informing yourself about your software on the intarwebs before purchasing it?
I don't think this could ever affect open source software. I could post source code on the net "for reference only", and too bad if someone downloaded it, compiled it and ran it. And Arch could host binary packages "for archival purposes only", and too bad if I went and downloaded it (without Arch's explicit consent) and ran it.
So I guess this law wouldn't affect me as a user, but might flood the courts with strange and difficult cases debating the extent of some developers' liability .

Couldn't agree more.

Last edited by moljac024 (2009-05-10 22:05:11)

.:B:. · 2009-05-10 23:20:19

peets wrote:

Sorry for upcoming politicalness. Consumer protection laws are dangerous. They allow consumers to be ignorant and teach them to trust vendors. How can you trust someone whose aim is to make money from you?

Let me put it like this: would you buy from a company you wouldn't trust in the first place? Without some basic form of trust, no transaction - let alone negotiations on prices and SLAs don't take place.

The thing is, the Western world is becoming more and more an environment where liability is the magical word. In some situations, liability is good (like in Italy, where buildings collapse during an earthquake despite being touted as earthquake-resistant, but not 'Japan earthquake-resistant', despite their builders claiming so). If you break down with your car, you want to blame the hire car company (while sometimes it's just your fault because you can't drive, or it is a construction fault, hence the car manufacturer's fault). In other situations, it's a perfect excuse to squeeze money out of people then chicken out when it's payday - look at the small print insurance companies have and their customers never read until s**t hits the fan . If some Afghani gets hit by a stray bullet from a mujahid, does Obama Bin Laden get sued?

The only way a consumer can speak, however, is by spending its money. That is why you need consumer laws. You can e.g. buy stuff over here and return it within a week if it doesn't perform as expected. Companies f**k you over all the time; they sell you 'advertised' speeds for internet plans, and it's all in the fine print. You buy a cheap media player only to discover the battery is crappy and dies after a few hours of measle mp3s. It happens all the time. The kind of economy the modern world has encourages people to con others - maximise your profits (not talking about any political views here ).

I agree with you that in the type of economy (and world) we live in, you can't trust vendors. At least not 100%. A good vendor will match up 90% of what his ads want you to believe. A bad one may not even get to 10%. Sometimes the make-believe is so strong a lot of people can't see through it (it's now like that already).

If you depend on computers and software to the point where you want a warranty, shoudln't you be minimally technically proficient i.e. capable of informing yourself about your software on the intarwebs before purchasing it?

In an ideal world, you could ask that from any client you sell stuff to. But then again, that would require every car owner out there not just to have a driver's licence - they'd need to have a car mechanics degree, too.

I don't think this could ever affect open source software.

From the moment you sell it - be it in a support package, where one effectively pays for the support on the binaries or source code you provide - you would be liable. And any license agreements trying to escape that liability would be invalid because of such a consumer law.

I could post source code on the net "for reference only", and too bad if someone downloaded it, compiled it and ran it. And Arch could host binary packages "for archival purposes only", and too bad if I went and downloaded it (without Arch's explicit consent) and ran it.

Again: it's about products being sold. If you want to install Arch and download the ISO, and you don't pay a dime, you don't have a leg to stand on. Theoretically, with the plan those guys in Brussels are cooking up, if you pay for the CD you got some online vendor to ship to you, you might be able to sue them if push comes to shove - but even if this kind of thing gets turned into law, I don't see that kind of scenario happening that fast - at least not for such services (where you pay for the transport and convenience, and not for the software, nor any services or support).

R00KIE · 2009-05-11 06:01:43

You seem very displeased about this, even more than I am ^^;;;
Things don't seem to be going anywhere good with these laws .... lets hope there is some good sense from the legislators and things don't get out of hand.

Arch Linux

#1 2009-05-09 17:39:26

Software Developer Liability

#2 2009-05-09 17:53:00

Re: Software Developer Liability

#3 2009-05-09 18:06:04

Re: Software Developer Liability

#4 2009-05-09 19:19:15

Re: Software Developer Liability

#5 2009-05-09 22:32:05

Re: Software Developer Liability

#6 2009-05-10 13:07:37

Re: Software Developer Liability

#7 2009-05-10 19:38:20

Re: Software Developer Liability

#8 2009-05-10 21:43:15

Re: Software Developer Liability

#9 2009-05-10 22:04:43

Re: Software Developer Liability

#10 2009-05-10 23:20:19

Re: Software Developer Liability

#11 2009-05-11 06:01:43

Re: Software Developer Liability

Board footer