Examining Software Liability In the Open Source Community 241
snydeq writes "Guidelines from the American Law Institute that seek to hold vendors liable for 'knowingly' shipping buggy software could have dramatic impact on the open source community, as vague language around a 'free software' exemption could put open source developers at litigation risk. Meant to protect open source developers, the 'free software' exemption does not take into account the myriad ways in which vendors receive revenue from software products, according to a joint letter drafted by Microsoft and the Linux Foundation. As such, the guidelines — which, although not binding, are likely to prove influential on future lawsuits, according to attorneys on both sides of the issue — call into question the notion of liability in the open source community, where any number of coders may be responsible for any given defect."
bollocks (Score:5, Interesting)
I'd say that ye olde standards of gross negligence and recklessness should cover any profoundly careless bugs.
The trick is to get them to apply to corporations like MS.
Sue who for what now? (Score:5, Interesting)
First point, if someone working for hire at Red Hat, Novell, or IBM knowingly (how's that defined?) ships buggy open source software, why shouldn't the company be held liable, if they would be held liable for shipping buggy closed source? Second point, who is going to sue some no-name contributor who doesn't have any money anyway, especially if you have to prove that that particular developer knew there were bugs? I love open source, but I feel that if we as a community want to be taken seriously, we should be held to the same standards as closed source software.
Why should there be an exemption for FOSS? (Score:3, Interesting)
I'm not anti-FOSS in any way, I'm just wondering why it would be exempted...
Re:I believe almost every free software I use has. (Score:4, Interesting)
I suspect that in commercial software, there is an implication of warranty (because the customer paid for it), and that warranty can't always be signed away by a contract (because of things like consumer protection laws).
I would think that if a piece of software is free as in beer, it would be easy to explain to a judge that the project authors had no business relationship with the user, and thus could not be held liable.
It's sort of like the "I am not your lawyer, this is not legal advice" disclaimer--the person giving advice is less likely to lose a malpractice suit if he/she says "I have no business relationship with you, so don't take this with the same gravity that you might take my real legal advice."
Option (Score:3, Interesting)
Or add an exemption to any company that gives a list of known bugs at release. If they blatantly say they know something is buggy, then that would be fair to me.
Re:I believe almost every free software I use has. (Score:3, Interesting)
This comes up every time warranty issues are raised. The problem is that for that warranty to be effective, the parties had to agree. Hence, those that say open source software is not an agreement (or that one does not have to accept the terms of the GPL etc.) have a problem. I've said it before, certain of the terms of the GPL are not merely license language. The community cannot have it both ways.
Either this clause in unenforceable because their is no agreement (one party did not agree to it), or the GPL requires every user to accept the terms of it.
Re:Bug free software would be insanely expensive! (Score:2, Interesting)
Simple: Add to your specification: "The program is not intended to be run." If anyone runs it, then he's operating it outside of its specifications. Anything unforeseen therefore isn't a bug :-)
Re:Why should there be an exemption for FOSS? (Score:4, Interesting)
I'm not anti-FOSS in any way, I'm just wondering why it would be exempted...
Would you spend years of your life making something useful, then give it away freely, and subsequently be sued to the point of losing your house, just for fun? At least commercial businesses are actively trading risk for gain; the open source developer only gets the risk part of the equation here.
I can see an entire industry spring up around finding bugs and sueing the maker of the software (much like the patent-sharks of today). You don't even have to read the source, just download a copy of whatever you want to hit and look in its Bugzilla tracker...
Re:I believe almost every free software I use has. (Score:5, Interesting)
"NO WARRANTY OR GUARANTEE IS IMPLIED. USE THIS SOFTWARE AT YOUR OWN RISK" or some combination of that. Even my home server says that every time I SSH into it.
There is no reason that a legislature cannot pass a law saying that this disclaimer is contrary to public policy and won't be respected in the courts.
For instance, in my State, contracts to purchase a car that are "AS-IS" are not legal. You can write those terms into the contract and the buyer can sign it, but if she turns around and sues you the Court won't give effect to that part of the contract.
Another example, I cannot rent an apartment or house "AS-IS", I am required by law that my rentals conform to a general standard of habitability. It doesn't matter how many times in the rental contract I disclaim any warranty of habitability, I still have to provide a habitable dwelling.
Consumer protection statutes are full of these sorts of provisions that forbid the use of certain kinds of terms and conditions. You can't sell food without a warranty of non-contamination or edibility, you can't sell children's playground equipment without a warranty of safety, .....
TL;DR version: the law does not have to respect your right to contract under whatever terms you see fit (I'll leave the normative argument of whether it should for another time & place).
But that's retarded, all software has LOTS of bugs (Score:1, Interesting)
Every moderately complex piece of software has hundreds or (more typically) thousands of KNOWN bugs in it when it ships. The developers know this, because they try to fix all the *bad* ones before shipping it. Every large project I've worked on, had tens of thousands of bug reports in the bug tracking system. For example: our current codebase is a few million lines, and our bug tracker has 35,000 bug reports in it, of which maybe 1 to 2 thousand will be *known bugs* (but minor ones) that are fixed before we ship. This is entirely normal throughout the entire software industry, and useful software would simply NEVER GET SHIPPED if we didn't work like this. /shrug.
A few years ago I was on a team of 4 people that were part of a larger (approx. 200 people) product team at one of those big corporations everyone dislikes. Our component (with 4 people and a few hundred thousand lines of code) had maybe 300 or 400 known open bugs in it, when the product shipped. Which tells you very little about the overall quality of the project--most of those were very minor nits. We did fix around two thousand bugs (ranging from annoying to showstopper) in the months leading up to ship.
How is this a problem? (Score:3, Interesting)
The article quotes the requirement as being "contains no material hidden defects".
That idea would superficially (I am not a lawyer) appear to allow any open source off the hook as long as you have a public bug tracker.
Re:I believe almost every free software I use has. (Score:3, Interesting)
Of course you can - I can happily sell a device that looks just like a car, with wheels, can be driven, but make it clear that this is not intended to be driven on roads. If you do so, that's your problem.
If it's a model that was road-legal, no you cannot. That is you can't sell your old beater Honda Civic if the seatbelts are broken, even if I want to use it as a bird house.
But I can damn well sell a substance that would be inedible, and it's your own fault if you eat it.
You can't sell rotten apples as "non-food-substance" no matter how many disclaimers you put on it.
Yes, you can't sign or agree away rights allowed under law, but since these disclaimers aren't contracts or agreements, that's not an issue. They're disclaimers - no different to the disclaimer that says that the "car" you bought is not intended to be driven on roads. If that's allowed for physical products, why should software be held to a different standard?
I should have stated it this way: there are some warranties that the legislature will not let you disclaim. The legislature is not required to respect every possible form of disclaimer.