Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
News

What's (Still) Wrong With UCITA 261

Grant Gross has an article at NewsForge outlining both changes being proposed by the The National Conference of Commissioners on Uniform State Laws to its version of UCITA (a model intended for adoption by the various state legislatures), and objections raised to the resulting language by Red Hat lawyer Carol Kunze. Among other things, Kunze points out that Free software projects could be effectively discouraged from releasing software if software producers are required to provide warranties -- imagine trying to provide warranties on all the packages available to Debian users, for instance, or every bit of software included with Mandrake Linux.
This discussion has been archived. No new comments can be posted.

What's (Still) Wrong With UCITA

Comments Filter:
  • MS EULA (Score:5, Insightful)

    by Aknaton ( 528294 ) on Wednesday August 07, 2002 @08:29AM (#4024521)
    > required to provide warranties

    Free projects should just copy Microsoft's license which, by the time it is done excluding things, provides nothing to the end user.
    • Actually the new MS EULAs with Media Player, Win2k SP3, and WinXP SP1 do much more than "nothing to the end user"... they grant MS root on your machine.

      The new UCITA appears to remove "help-yourself deactivation" for software providers, but how about the "We need root in order to warrant this software," argument?
  • Among other things, Kunze points out that Free software projects could be effectively discouraged from releasing software if software producers are required to provide warranties -- imagine trying to provide warranties on all the packages available to Debian users, for instance, or every bit of software included with Mandrake Linux.

    You want Microsoft to be held financially liable for bugs, yet Free Software should have no warranty if something blows up in the field? Or is this another "Tough Crap...no one made you use free software" instance.

    Sounds like the kettle calling the pot black if you ask me...
    • by Anonymous Coward on Wednesday August 07, 2002 @09:38AM (#4024936)
      The difference is this. If you're going to release a product, keep the source secret and not allow the user to help themselves or provide reliable updates on a timely scale you should be responsible.

      Open source software has nothing to gain from releasal (well maybe a lil fame and recognition) but no financial reward. It is important to note that software should be allowed to be given away with warranties proportionate to what you paid for it. You pay nothing you get nothing. In the case of microsoft you're paying 500+ dollars for the software and it doesnt work right. The total cost for a legit ms office installation for the small-business man is almost 1500 dollars for windows xp pro, office xp pro and other productivity tools such as quickbooks and quicken. This is MORE then the hardware cost which is currently supported under warranty for 12 months and with driver updates for as long as there are devices in use. i've got ati cards with current drivers for xp that were made in 90something.

      With that said with the support based business models of redhat software etc SHOULD be liable for support they provide.

      If redhat comes in and sets up an opensource installation for $ they should be allowed to setup reasonable restrictions on the user and at the same time be responsible when things break.

      The excuse "the user must of screwed it up" doesnt go very far with me.

      This would give the major distributions that use this revenue model incentives to contribute to auto-updating programs and better out-of-the-box setups such that _their_ installers could do the job faster better and cheaper.

      In the true opensource for the community and the greater good of all sense there should be _NO_ liabilities for anything for any reason whatsoever.

      BUT when you make money off something you are providing a promised service for a fee. You should be accountable that said service works as advertises and doesnt constantly break down modify its agreement with you or spy on you!

      Punitive damages should be awarded to any company that gets rooted/exploited etc from a professionally setup system. This would increase the revenue from big businesses getting what they need from their products. The line just get joe in the IT department to setup the oracle/iis server should go away for large corporations and they should be (incentively) forced to contract to the software vendor for the product.

      In this case opensource software gets revenue, support and businesses get the liability protection they so desire but currently cant get.

      In conclusion. If theres money to be lost by microsoft, redhat or whoever they will be given a very powerful incentive to make better updating software and keep installations running correctly. But at the same time if you didnt pay for it dont expect any support liability protection or guarantees. The idea of some idiot mcse running companies servers really needs to go. Liability protection WOULD make this happen and make better software at the same time.

      $0.02.

      P.S. Dont bother flaming this reply with some stupid non-witty response I wont care. However if you want to reply in an informed and intelligent matter I will respond.
      • That's a whole lot of 'should's you just put forth.

        While these idead may actually sound good to YOU, these are 'Open Source Community concepts' that you are suggesting be put into law in America and that's not a good idea.
        Software should be allowed to be given away with warranties proportionate to what you paid for it.
        If Jill gives Joe a program for free that she tells him is supposed to make webpages but ends up being specifically for formatting his harddrive, now we dont have a civil case. He shoulda paid for it? Are you suggesting a government body to read/decode sourcecode and make legal determiniations?
        If you're going to release a product, keep the source secret and not allow the user to help themselves or provide reliable updates on a timely scale you should be responsible.
        While I agree, if I write and distribute a program, I am partially responsible for what it does (read: virus for example). The state of it being open source or not does not change my responsibility and does not help in accountability any more than a brand name nowadays.

        This seems like a lot of talk about - how to best get back at the big corporations without legislating laws that can be used against my free software projects. Punishing capitalistic practices...charging what you can get...is the biggest barrier to these kinds of 'changes'. Good luck changing america's basic economic ideals.
      • Isn't the "fairness" to different businesses. It's the lawyer friendly addition of more legalease.

        In actual application, UCITA attempts to create a "default" license model under which all software is sold. Then it creates mechanisms companies can use to over-ride the defaults. One of these mechanisms happens to be "click-wrapped" agreements. This really just means more legalese for everyone, and which ever companies hire lots of lawyers benefit. (Redhat included)

        If the courts really do feel that software companies haven't been responsible, they should hit the co's with fines based on what was charged for faulty product. This is how consumer law has worked for many years. If you sell something and the consumer becomes dissatisfied, you'll probably have to give those dissatisfied a refund.

        Perhaps what is really missing in UCITA is a gaurantee that legal liablity for software producers won't exceed price charged, unless extra warranties were offered. Also, that when not sold at retail some risk should remain with the consumer.

        If RedHat really is worried about being charged more than they were paid in liability fees, then I commend them for knowing they should be scared, and I hope they get better at stating their case.

        If instead, they are worried that they may have to give a refund on copies of their software where customers are legitimately dissatisfied, then I hope they quit whining, and behave like a real business.
    • Let's take out the major distributions of the Linux/Unix OS and just talk for a moment about the applications that are used on this OS. Most of the apps are written by people who needed something and were able to code it to work with the OS. Now, I need that same something and I find it on coder's homepage. I don't think that coder should be held liable for an app he wrote because he needed something and was kind enough to share it with the world.

      This law is NOT about the major distributors, it is about OPPRESSION --it is about keeping the best and brightest from being able to create something and SHARE it. In the end, that will FORCE us to buy stuff instead of taking the risk of downloading free software. I use Linux and several free apps and I do this by accepting the RISK of the software that is why I have to have a risk mitigation plan in place before I put the free software into production. I get to use both MS and Linux, both require a risk mitigation plan and MS is more likely to fail. I have never been able to recoop any money spent on the time it has taken me to fix my NT blue screen of death.

      This law is effectively an attempt to force free software industry to become a FOR PROFIT ONLY or NOTHING AT ALL industry and this is constitutionally WRONG because it is taking away the freedom to create, share and communicate openly with other people.

      Do you remember the days when hacking was cool? The days when if you found a security breach in an administrator's network and could call that admin and say, "Dude I found this gaping hole in your network."...and the admin would ask, "do you know how to fix it?" or "thanks I didn't know about that?" That was the days before the media got involved and the security task forces got involved. Realize WE CANNOT do that anymore and what has suffered? computer SECURITY because we cannot talk and share things anymore. If we allow this law to be passed it WILL in time take our communication away too that is its intent.

      2 Ending questions:
      1. do you hold MS financially liable when your server farm goes down because of something that MS forgot to fix? Hell no you don't, you are Eternally greatful that your shit works again.
      2. Has MS been held financially liable for any thing that has blown up in their OS? Not to my knowledge, the only financial liablity they have is from trying to create a monopoly which will only grow stronger if this law if passed that takes away the openess of our community.

    • Don't you think that including source code, is a form of transferring that responsibility, since it also transfers power?

      If I have power over you, I should be held responsible for how I use that power. If I get rid of that power, by giving you the ability to take matters into your own hands, didn't I just get rid of my responsibility too?

    • by _xeno_ ( 155264 ) on Wednesday August 07, 2002 @10:08AM (#4025140) Homepage Journal
      Actually, software warranties are a bad idea in almost all cases anyway.

      The real problem with software is that it interacts with other software in a complex and often difficult to understand way. For example, if I discover that Product A managed to corrupt my hard drive and erase all my work, should the manufactorer of Product A be liable?

      However, what if the reason Product A corrupted my hard drive was because Product B overwrote some of the libraries that Product A uses, causing an incompatibility. Now who is liable? The maker of Product A or Product B?

      But for added fun, let's say that the libraries were part of Product C that both Product A and Product B use. And Product B overwrote Product A's libraries because it had a newer version of the software that supposedly had bug fixes in it. Now who is liable? Manufactorer A, B, or C?

      For added fun, let's assume that the incompatibility was actually caused due to a bug in the BIOS, that caused data corruption when sending data to the harddrive. Now who's liable? A, B, C, or D - the manufactorer of the BIOS?

      But we're not done yet. It turns out that the command the BIOS sends to the harddrive is invalid, and should cause the hard drive to signal an error back to the BIOS. But because of buggy firmware, it instead writes random data to a random location. So a combination of A, B, C, D, and a hard drive with buggy firmware by E is what caused the data corruption. So when A, B, C, D, and then E - the buggy harddrive - combine, your data can be corrupted.

      So - who's responsible? Is A responsible - they bug tested their software with Version 1 of Product C. But Product B installed Version 2 of Product C. So is Product A or Product B the actual culprit? Or is Version 2 of Product C responsible? But then again, Product C only caused a bug in the BIOS - which gave a command to the harddrive that should have caused an error but instead caused data to be written in the wrong fashion.

      The real problem with software is that frequently bugs can come up when there are weird combinations of hardware and software that cause software to enter into states that the manufactorer never expected. Plus when you throw viruses and programs that alter the way fundamental components of the OS interact (think drivers, debuggers, or special programs like display "enhancers" or firewalls), the total number of combinations that might cause damage rise incredibly, and it become infeasable to anticipate and test every combination.

      Especially when it works in the test lab with 100% accuracy, because the test lab does not have the fatal combination of software and hardware that eventually causes damage. So even though every manufactorer tested their component to work assuming everything else was working properly, when one thing turns out to generate a slightly wrong command, a whole chain of incompatibilies can result. Making software warranties a huge blame game.

      Software warranties are really only feasable for a given configuration, with the user understanding that installing new software or hardware and making certain configuration changes will void the warranty. Which makes them next to useless anyway. And if the software manufactorer releases a patch to fix a known issue, are they liable for the issue anymore if people do not install the patch within a reasonable amount of time?

      Responsibility is fine, but sometimes responsibility just means providing a fix and telling people of known issues. It is impossible to warrant against every possible condition. This is why most warranties specifically disclaim liability if the owner uses the device in a fashion that is unintended - the manufactorer cannot warrant the device "work" in a scenario that it is not supposed to be used in.

      • The real problem with software is that frequently bugs can come up when there are weird combinations of hardware and software that cause software to enter into states that the manufactorer never expected.
        By that rationale, companies like Apple should have no problem providing a warranty for the OS. After all, they design (or pick) the hardware that goes into every computer. Apple has been touting this as an advantage for years.
        • Apple only picks the hardware and software that goes into the distributed OS. They have zero control over what the end user installs on their system.

          Under their previous offerings this could cause some real issues (thus the extension manager and programs like Conflict Catcher were born). There probably should be something similar for Win2K, although Win2K is way more fault-tolerant than the older MacOSes.

          I'm not sure how Linux avoids the issue, except that it rarely has full-featured drivers for the latest hardware.
    • If you get a receipt of purchase, you should get a warranty. Otherwise, all bets are off.
  • warranties!? (Score:3, Insightful)

    by tanveer1979 ( 530624 ) on Wednesday August 07, 2002 @08:32AM (#4024547) Homepage Journal
    AFAIK, most software is without warranty. Even windows. Nobody provides warranties. If this comes into force, it will basically kill the software industry, wether open-source or closed source.
    Software can never be without problems.
    Just imagine half the population putting lawsuits! Law will have to be outsourced mebbe!
    • Re:warranties!? (Score:2, Interesting)

      by Anonymous Coward
      "AFAIK, most software is without warranty. Even windows. "

      Thats the problem... The customers shouldn't be required to take this shit. If you make a product available you should be responsible for it. Everyone else is.

      We all know software is more complex than a microwave for example but there must still be basic resposibilities either way.

      The cost that those resposibilities has should be considered when the price is set on the produt.
    • Re:warranties!? (Score:2, Informative)

      by bjschrock ( 557973 )
      AFAIK, most software is without warranty.

      I thought so too, but I just got some software that had a "limited warranty" on it. It came with my 3Com 802.11b card, and I was a little shocked when I found there was a "Software" section on the limited warranty card. The software did also come with a EULA, but the warranty actually said the software was guaranteed to provide reasonable functionality to the user (which is pretty basic, but at least they "guarantee" it). It's not much, but it's better than nothing.
    • Re:warranties!? (Score:2, Interesting)

      by grahamm ( 8844 )

      Software used to come with warranties. When I first started work, the mainframe software had bugs but the supplier was contracted to fix (or provide work arounds) for any problems we encountered. Granted, we had to pay for this and the time to fix (and thus the priority given by the supplier) depended on the severity of impact to our business.

      Most suppliers now make you wait, and pay, for the next version upgrade in order to get bugs fixed. So what would be wrong, both for closed and open source, software suppliers to provide a waranty to fix (genuine) bugs in a timely manner. To a great extent the open source community already does this. It often does not take long between a (serious) bug or security problem being reported and a fix being published.

    • Re:warranties!? (Score:5, Insightful)

      by Zathrus ( 232140 ) on Wednesday August 07, 2002 @09:43AM (#4024968) Homepage
      AFAIK, most software is without warranty

      Currently, yes. Although if you sell it as a commercial good then there's usually the implied warrantee of it being usable for its marketed purpose.

      Most EULA's disclaim any and all warrantees, which may or may not be legal depending on the state laws and legal system.

      The change the UCITA brings is that there is a stronger implied warrantee - not only that software is good for its marketed purpose, but that it is non-damaging and reasonably bug free (note - IANAL, so I may be reading more into the UCITA than there is actually there). You can disclaim these warrantees (see above), but that requires an explicit agreement between the consumer and the vendor, in the form of an EULA or click wrap installer.

      The Open Source world doesn't have either right now, at least by and large. And a lot of people in the OSS movement disagree with the concepts of an EULA and/or click-wrap licensing on an ethical standpoint. UCITA would require them to either change their standpoint or potentially get sued for thousands or millions of dollars.

      As a developer I'm not sure where I stand on the issue. On one hand, I do believe that software should be held to the same standards as most other goods. If you tell me that TurboTax 2002 is a tax software program, then I expect it to do a reasonable job at filing my taxes and to not wipe my hard drive (disclaimer - I've never had a problem with TurboTax. Put the lawyers down). On the other hand, software is freaking complex, and the US is over litigious. Who knows what a judge and jury may decide is covered by the implied warrantee and what isn't, and certainly liability has the potential for killing OSS development dead within the US. Not a good thing.
  • by Sheetrock ( 152993 ) on Wednesday August 07, 2002 @08:33AM (#4024552) Homepage Journal
    I don't agree with the argument in the article that commercially-packaged Free Software being sold alongside other commercial software should have to abide by the same warranty obligation of commercial software (which is essentially worthless at the 90-day limit EULAs set, but that's beside the point.) Actually, this type of restriction would seem to put a damper on massive bundling of free/cheap software as well as game companies dumping old games in the bargain bins, as warranty obligations can get pretty expensive. This could use a bit of rethinking.
  • by TibbonZero ( 571809 ) <Tibbon&gmail,com> on Wednesday August 07, 2002 @08:36AM (#4024572) Homepage Journal
    Perhaps this could work in our favor;

    By the time you have read this warrenty, or installed the product, your warrenty is null and void. You could call us, but we won't pick up the phone. :)

    It's almost as good as Microsoft's

    • Unfortunately, if this is a requirement, then the distribution media will need to be encoded to ensure that you must have encountered the notice before being able to access the software.

      This is still a bad law. And we are only skimming the surface. (It was reported be 2,000 pages long a year ago. How long is it now?)

  • Clear Solution (Score:5, Interesting)

    by 4of12 ( 97621 ) on Wednesday August 07, 2002 @08:37AM (#4024580) Homepage Journal

    Amend the UCITA so that all software sold is required either:

    • to provide a warranty, or
    • to provide full open access to the source code so the user may modify it as they see fit.
    completely at the pleasure of the software author or vendor.
    • Yes, really though, eh?

      The warranty should read something like:
      By using this product you certify yourself as an authoritative source of warranty for this product. Should you encounter problems, you are required to fix them in accordance with your expectations of the warranty.

      Help people help themselves.
  • Maybe requiring to have a warranty *option* *available* would be more feasible. Vendors
    could sell (or give away) unwarrantied versions,
    and sell warrantied versions, for consumers that
    demanded them. The price difference would be up to the vendor.
    • Yeah, sure that will work great.

      Let's see if I'm Microsoft, I'll charge $300 for a non-warranty version and $300,000 for a warranty version on a warranty that lasts all of three years. Big companies are basically forced to use warranty one on critical computers because when they call for tech support they are told to buy the warranty version.

      I do like the option previously commented:

      1) Stand behind your product (Warranty)
      or
      2) Let me fix it when it fucking breaks (Open Source)
  • by Billy Bo Bob ( 87919 ) on Wednesday August 07, 2002 @08:41AM (#4024609)
    ...in particular:

    "And software distributed for free would still be required under UCITA to carry a warranty if there's a charge for installation services or an accompanying maintenance contract."

    You take money to install/maintain it, you provide a warrantee. I like the sound of that; otherwise you could be any old chump just taking peoples money.

    Note also that:

    "the new UCITA would exempt from warranty an Open Source product that was sold for the cost of the media it was on, such as a $3 Linux CD set."

    Which again makes perfect sense. Where it gets hazy is when 'free' software is sold for a cost above media but obviously below the amount required for maintenance; this will be a tough thing to iron out.

  • Warranty (Score:5, Insightful)

    by jbolden ( 176878 ) on Wednesday August 07, 2002 @08:42AM (#4024615) Homepage
    > And software distributed for free would still
    > be required under UCITA to carry a warranty if
    > there's a charge for installation services or
    > an accompanying maintenance contract.

    That seems pretty reasonable. If I agree to install open source software to do X and charge you for it and the software doesn't do X I'm in breach.

    That doesn't effect open source it effects pay distributions which makes claims. The article says as much, "One is an acknowledgment that a notice license -- such as the GPL or BSD licenses -- is not governed by UCITA, as opposed to contractual licenses".

    In any case the worse that UCITA has ever had is "Implied warranty of merchantability. An implied obligation that a computer program will be fit for the ordinary purposes for which it is used. UCITA makes this warranty applicable to all computer programs, thus expanding the scope to software currently governed by common law which does not have this warranty." This is a clarification of the law. For example if SAMBA releases a beta version it wouldn't be covered because beta software's common use is to help find bugs and allow for layored developement in the future release version. If SAMBA released a release version for free it wouldn't be covered. If RedHat said on their box "the new SAMBA 3 will allow you to add a Linux box to a Windows 2000 domain" then SAMBA 3 as shipped by RedHat would need to provide that functionality. If RedHat is bothering to check out SAMBA 3 then they can't make claims about its functionality when the sell the distribution instead they can say, "The package includes a functional version of Samba 3, the Samba 3 group claims this allow you to add a Linux box to a Windows 2000 domain" which is probably a more accurete description of their state of knowledge at the time the distribution is released. The net effect of this is that paid distributions can't engage in false advertising. I don't know any that really do though some are a bit careless in their language. This may be a good thing for Open Source as it will require distributions to clearly describe what they do and what they don't do.

    • Re:Warranty (Score:3, Insightful)

      by Observer ( 91365 )
      That [warranty if there's a charge for installation or support] seems pretty reasonable. If I agree to install open source software to do X and charge you for it and the software doesn't do X I'm in breach.
      Agreed, if the warranty is on the service that you are providing. From the article quote that you're responding to, the concern is that the opensource freely-donated software that you've decided to use would have to provide a warranty if it was utilised in these circumstances. If that's an accurate summary of that aspect of UCITA then there's cause for valid concern on the part of both open-source software donators and you as a service provider since you may find it inadvisable to use software whose authors are unable or unwilling to provide a warranty that fits this particular US law's requirements.

      No disagreement with your other comments about distributors of collections of software making clear the extent to which they are standing behind them.

      <soapbox>

      It seems to me that there's a certain amount of special pleading going on here from open-source advocates. On the one hand, claims are made for its superior quality and lower cost of ownership, but at the same time there's a strong tendency to devolve responsibility for checking that the quality is adequate to the people and organisations who decide to use it. And, as we've seen with some embarassing incidents recently, there's also a tendency to assume that the many-eyes checking has already been done - by other people.

      I like the idea that software should be covered by the "fitness for ordinary use" criterion that applies to most other products and services; I don't see it as self-evident that open source software should automatically be given special treatment.

      </soapbox>

      --
      Hey, where's my karma gone?

  • Fix it like this. (Score:2, Interesting)

    by sbaker ( 47485 )
    If the limit of one's *LIABILITY* under the warranty was the cost
    of the software license - then we'd be OK.

    * OpenSource Software authors charge $0 for their code,
    so their liability is $0. There is a warranty - but it's
    practical impact is zero.

    * RedHat et al charge for the cost of putting free software
    onto physical media - but the software is still free so
    long as it can still be freely redistributed. So their
    liability is only for the non-free parts of their distro.

    That's also fine by me - it gives them an incentive to
    keep their distro's squeaky-clean and freely distributable.

    * Microsoft suffer horribly because whenever WORD crashes,
    I can demand to be refunded the entire cost of the package.

    They'd go bust *very* quickly - which is fine by me!

    * Large software companies that produce reasonably reliable
    code and charge reasonable amounts of money for it are
    under great incentive to write code that (whilst it may
    not be 100% bug-free) is sufficiently reliable that they
    won't get significant numbers of warranty returns.

    Good!

    If the limit of liability is the cost of the *damage* done by
    bad software then it's not just the OpenSource world that'll
    be out of business - it would be hard to imagine *ANY* generic
    software such as operating systems, compilers, word processors
    surviving the barrage of law suits that would immediately result.

    Bring it on I say!
    • Ok, but I have a question then: how much of the Windows OS do you actually pay for? If MS says they're only charging for kernel32.dll and everything else that installs with it (IE, notepad, solitaire, all other DLLs...) is a "free bonus", what recourse does anyone have? Unless you can *prove* that the damage was done by the kernel itself. It would be easier to make claims on things like Office, I suppose.
  • by tlambert ( 566799 ) on Wednesday August 07, 2002 @08:51AM (#4024667)
    Idemnify authors of public domain information against civil legal threat arising from the work itself or derivative works.

    That's why the UCB, MIT, and CMU Licenses exist in the first place, rather than the code being placed in the public domain.

    If you want to control your code after the fact, fine: accept the liablity associated with doing that, as your cost for the payment of being granted that control. The sole reason most University developed code in these cases is not in the public domain is that a license was required to obtainlegal indemnification.

    I don't think this would keep people from releasing under the (L)GPL or Artistic License or MPL, or SCSL, etc., if they felt the control they got by affixing the license was worth the cost.

    -- Terry
  • No one wants to be responsible for anything anymore. That is why we have so many lawyers running around suing people. When something goes wrong someone has to be responsible. It could be the person himself who got in trouble or someone else, yet no one will ever take the responsibility upon themselves.

    Slashdotters complain about lawyers suing for this and that all the time, yet they don't want to be responsible for the software they write. Write good software and provide a warranty, or else you are just promoting the lack of responsible ethics this country has.
  • warrenty (Score:2, Insightful)

    by kcroke ( 466899 )
    how about a money back gaurentee?
  • but it will cost a lot more...

    Take cars for example, it's possible for a big company like GM to create a new car in a couple of weeks. But they have to give a warranty on it, and they have to make certain that the car is safe. So they spend months and months of testing the car in every immaginable way. They have to be sure that the car will be free from serious defects for at least the lenght of the warranty, but more than that for the safety (or they'll have costly recalls!).

    You can do the same with software, where I work the testing time is often 3 to 4 times longer than the time it took to develop the program. So you have projects that took 1 month to make but 3 months to test. That's expensive but a bug in calculating interests for example can be a lot more expensive than that if you discover it a couple of years later!
  • Kunze says the new changes stop short of exempting Open Source software a customer has purchased from carrying a warranty. And software distributed for free would still be required under UCITA to carry a warranty if there's a charge for installation services or an accompanying maintenance contract.

    When you buy most open source software, what you're actually paying for is the packaging, documentation and distribution of same. You can guarantee this: If the shrink wrap is not broken, the CDs inside are guaranteed to be unbroken and free from scratches. The books inside are guaranteed to not be dog eared.

    Other, custom open source software already has a kind of warranty- the contractor is writing it for you. If it doesn't work, he isn't finished yet.

    It's easy to guarantee installation. It's installed properly, right? The maintainance contract is in itself a form of warranty.

    None of these are ways of weaseling out of ethical obligations. They reflect the realistic expectations of just about everybody involved in computers and open source. Free software isn't a product to be sold, so it in and of itself can not have a real warranty. The things actually sold can realistically be guaranteed. If the stupid politicians want to force geeks to expose themselves to financial liability, then the geeks just have to expose themselves to the same liability that MS has always done: none. Including the source code can be its own insurance. A lot of "liability" can be shifted if the customer has it.

    Basically this is a layer of overhead that proprietary guys already have (without adding to their responsibilities) and now they want to saddle open source folks with the expense and distraction while adding to their FUD. Easy to get around, easy to overcome.

  • by peter303 ( 12292 ) on Wednesday August 07, 2002 @08:59AM (#4024705)
    If lawyers are suing fast food chains for cauing obesity health problems, it is only a matter of time before they latch onto the software industry. MicroSoft has $38 billion in cash tempting them.
    • "MicroSoft has $38 billion in cash tempting them."

      Yes, but Microsoft also has $38 billion in cash to say "We can afford enough lawyers to sink a fleet of battleships. We can buy off anyone neccessary to make sure this case goes nowhere".

      Maran
  • by ebbe11 ( 121118 ) on Wednesday August 07, 2002 @08:59AM (#4024709)
    Among other things, Kunze points out that Free software projects could be effectively discouraged from releasing software if software producers are required to provide warranties

    Easy. Let the warranty state that if the users are not satisfied with the free software product, they will get their money back.

  • I agree with UCITA (Score:5, Insightful)

    by x mani x ( 21412 ) <mghase&cs,mcgill,ca> on Wednesday August 07, 2002 @09:00AM (#4024718) Homepage
    BEGIN QUOTE

    Ring clarifies that the new UCITA would exempt from warranty an Open Source product that was sold for the cost of the media it was on, such as a $3 Linux CD set. But a Red Hat boxed set selling at Wal-Mart for $60 would fall under UCITA's warranty provisions.

    "If you're packaging that as a commercial product, then you're in the business that every other software purveyor is in," Ring says. In Ring's way of thinking, you then should abide by the same warranty rules as the rest of the industry.

    END QUOTE

    What is wrong with this? I thought this was a major part of RedHat's business strategy -- to put together a solid, enterprise-class distribution, and market it and sell it as such. If they are going to charge more than the media cost for it, as well as have support contracts and such, they should absolutely provide industry standard warranties for the software included. If they feel that's unfair, then the message they are conveying about Free software becomes highly Microsoftian. (in other words; if you refuse to apply industry-standard warranties on your so-called enterprise software just because it is OSS, what is that saying about OSS?)

    Note that for those of us who download images or buy linux distros for media cost, these warranties (of course) do not apply, as the UCITA chairman states.

    All in all, I believe the guidelines UCITA is presenting are just fine. If RedHat wants to play with the big fish, it must be held accountable by the same standards, regardless of how its software was developed.

    I've been using RedHat Linux consistently since the 4.x days, and personally think it is a great distro. However, if I was choosing the platform for an important new server for my business, I would go the Sun route if RedHat refused to subscribe to standard software warranties, regardless of any initial price differences (which, as we all know, are insignificant in the long run, especially relative to admin costs).

    Just my chunk of change, please go ahead and correct me wherever I'm wrong, this issue is totally new to me.
    • by mjh ( 57755 )
      if I was choosing the platform for an important new server for my business, I would go the Sun route if RedHat refused to subscribe to standard software warranties

      This is exactly why software warranties and software liability exclusions for OSS are problems. I even wrote a journel entry on this topic. [slashdot.org] Giving an exclusion to Red Hat or Mandrake or whoever for software warranties or software liability does not actually help Red Hat or Mandrake or whoever.

      My conclusion? Don't require software warranties or liability at all. The problem with bad software is not that it's not warranted. It's that there's no reason for the monopolist to produce better software. I think that competition will be dramatically more effective at producing good software than legislated warranties. Creating a law simply means that the vendor has to spend a little bit of effort to find the loophole in the law that will let them to continue to produce crappy software with little recourse for the consumer. Create competition, on the other hand, and the vendor now has motivation to actually produce good software or the consumer is going to go somewhere else.

      A law is NOT the way to handle this. Let's not create a law (with loopholes) until after a competitive market (*) has proven insufficient.

      (*) The existance of an illegal monopoly means that we do not currently have a competitive market.

      $.02

      • Agreed. Mandated software warranties are a truly horrible idea. Where did they get the warranty idea? Oh, that's right-- companies voluntarily offer them on a number of products as a competitive advantage. There's no law that anyone has to offer me a warranty on dishwashers, but many dishwashers have them because it's a competitive market.

        If I want to make a piece of horribly bug-ridden software and sell it, I should be allowed to-- and absolutely no one should buy it.
    • If they [RedHat] are going to charge more than the media cost for it, as well as have support contracts and such, they should absolutely provide industry standard warranties for the software included.

      I fully agree. If RH thinks it cannot provide warranty for the all packages then it should only include those packages that it feels comfortable to provide warranty for. I'd accept that RH distributed some software without warranty on the same media but that should be added extra only. IMO UCITA should explicitly disallow advertising of included software if that software isn't covered by the warranty--or at least require that such software would be highly visibly marked as no-warranty-stuff. Otherwise they could give warranty for something like "cat" or "echo" and advertise other software on the media (like gcc, mozilla and openoffice) and provide no warranty of any kind for those.

      Minimum warranty for any software should be money back. This way any free (as in beer) software could be distributed practically without warranty. One thing to consider is that if the full distribution costs $50 and a single package inside it is broken (say evolution) should the customer get back $50 or something less because only one feature is broken and the rest is fully functional?

      One interesting guestion is how long should the warranty be at the bare minimum? Until the shrink wrap is broken? Up to 100 hours of usage? 90 days?

    • The problem is the idea that there should necessarily be industry-standard warranties for all commercial products. Standard warranties are good for when the user can't do anything about the quality of the product. With Open Source/Free Software, the user can change the product himself, or hire a third-party to do it. With proprietary, closed-source products, this is not an option; the user is beholder is beholden to the vendor.

      The answer is obvious when you just keep in mind what industry-standard warranties are actually good for.

  • by gosand ( 234100 ) on Wednesday August 07, 2002 @09:04AM (#4024742)
    Yeah, this would be bad for Open Source. It would be bad for Microsoft too. Of course, they would probably just legaleze their way around the warranty in the EULA.

    At first I thought that nobody would win with software warranties, but then I realized that Microsoft would. They could weather the legal storm, whereas Linux couldn't.

    In reality though, there could be no warranty. It would be so jam-packed with disclaimers it would basically be useless. Bumper to bumper warranty my ass - read the fine print.

  • The solution to this is trivial. If you don't pay for software, you aren't required to be given any warranty. Fair enough? Then free software released to the public and not paid for is under no obligation to provide a warranty.

    In the case of RedHat or other vendors of Linux software, they would, of course be responsible for providing a warranty on the software they include in their package. Any liability related to that software being solely born by RedHat, who's making the money, not the original developers/maintainers of the software.

    Is this really that hard or unintuitive?
  • I agree with RedHat, here is my reasoning.

    One of the major warranty problems I see in commercial software is the lack of a requirement for a commercial software vendor to fix bugs that impact the customer. With Open Source software, the customer has the ability to fix the problem on their own. (Either themselves, or through contractors.) That is the major difference. Another question, is who really owns GPL'd software? Is it Mr. Public Domain? Ok, let all get together an sue Mr. Public. In Open Source, the customer actually takes over more ownership of the software than in most commercial licenses. Don't believe me? Try to distribute MS Office in mass quantities and see what happens. Then look at Mandrake, a RedHat "core" user.

    The rules are different. The end user product is different. It is like leasing a car which must be fixed at a certain dealer vs. buying a car you can take to any mechanic.

    -Pete
    • Exactly right. The pe(rson|eople) who can fix the source should be responsible for fixing it for paying customers.

      With proprietary software, that's the company's responsibility. If the source is available, but only the company is allowed to change it, then it's still the company's responsibility. If the source is freely modifiable, then it's anyone's/everyone's responsibility, no matter who was paid for the software.

      In other words, if someone controls modification of the software through IP laws (copyright, patent, trademark, trade secret, whatever), then that entity has the responsibility to fix it. If they give up this control over the software, then they also give up the responsibility to warranty it, because anyone can then fix it legally.

  • "The organization is comprised of more than 300 lawyers, judges and law professors"

    Does anybody expect that group to write any thing but a set of rules that favores their profession -- ie, the more litigation the better?

    these issues have to be looked at, but technical people, and business people -- not just 300 ambulance chasers -- need to be involved.

  • I understand that the UCITA works only in the US, so does it cover me if (a) I buy software from directly from a website for instance that is base din the USA and I'm in Europe. Or (b) the other way round, me being inthe USA buys software froma website based in Europe? Or does it depend on where I regsiter the software? Or what?
  • Obviously if you are able to compile your own code and it blows up then you are responsible. If, however, I have to look at a warranty for a Microsoft solution and one that has been more thoroughly tested and implemented in say Red Hat's version of Linux, then hands down I'll take the Red Hat version. Having to supply a warranty and therefore taking some liability is Microsoft's worse nightmare. Could you imagine being held financially liable for all the failures of IIS (nimda's, Iloveyous and so on)
  • Its worth noting that in other jurisdictions an "implied warranty of merchantability", to use the phrase common in the USA, cannot be disclaimed. IMHO this is probably one of the reasons that software companies are so reluctant to admit to selling you a product rather than licensing you to use it. If, for example, in the UK they were to sell you a piece of software rather than a license to use it then the sale of goods act would require that it was "of merchantable quality". Selling you a license seems to apply that standard to the license not to the software itself and guess what - "you're allowed to use it, therefore the license we sold you has performed exactly the function we sold it for..."

    Maybe the law should require that when puchasing a software license that exchanges a one-time fee for a non-expiring license then that transaction must be treated as a de facto sale of this copy of the software. Instant applicability of implied warranties and, as a side note, also strengthening the applicability of the first sale doctrine and making sure that an EULA cannot limit a customers rights any more severely than in any other sale.

    Of course, if that were ever to happen then commercial software users would really be in trouble. The software companies would sell nothing but subscriptions, licenses would last a year at most (assuming the loophole of "not a non-expiring license - it expires in 99 years" is plugged) and every piece of commercial software would contain timebombs.

    Unfortunately, for so long as people want what they are selling badly enough the software giants hope to get away with providing it on any terms they want. THAT is why they are so scared of open source and/or free software. Even if we admit the questionable argument that commercially produced software is supposedly "higher quality" (dont see it myself but...) we are already at the stage where mainstream users are finding their relationship with the software companies almost as inconvenient as coping with the supposed shortfalls of open source alternatives. Add just that little bit of extra hassle (like recurring fees, time-limited installations etc...) and the balance could easily tip.

  • This is all fine and dandy by me, PROVIDED that the warranty is null and void if you haven't updated the software to the latest version. Onus for that should be entirely on the head of the end user. Then I guess there should be some reasonable period of time where updates are free, so somebody can't release a $10 updated once a week, and claim that your warranty is hosed if you don't pay it. Other than that, I can see this working out.
    • If the warranty only applies to the latest version, then you'll see big software companies bringing out new versions every few months, so that the warranties will be voided by the new version before many of the significant bugs/security holes are found. Is this really what you want?

      • If you had to purchase a new license every two months, wouldn't you try to find a new vendor? I don't see that being an issue since most people would just find software that's got a lower TCO, as many seem to be doing now by moving to free software.
        • I was assuming that the upgrades were free, like your original post. Yeah, even then the TCO would be horrible due to the work of testing, installing, and integrating the new versions so often.

          But my concern was the security more than the TCO - a lot of security holes are not found immediately upon release, and if the warranty on the previous version is voided when a new version is available, then there would be much less incentive for the manufacturer to fix security holes in previous versions.

          The reason I'm thinking about this model is that it fits very well with the "subscription with automatic upgrades" model that seems to be on its way.

          Finding a new vendor is an option only if there is an alternative vendor whose product is similar enough that it doesn't add huge re-training and support costs to the TCO. Works for some products...doesn't for others...

  • As I read it, these warranties only have to be provided if you sell your open-source product, or if you charge money for installation.

    In other words, the Red Hat's of this world would have to check that distro they're selling at $50 a pop or whatever actually contains working programs.

    Debian, on the other hand, who sell nothing would not be forced to provide a warranty. Neither would I, if I just started up my trifling little open-source project and gave the results away for free. Neither would kernel.org, because they give their results away for free as well.

    Interestingly, Red Hat wouldn't have to provide a warranty to me either, since I just download the ISOs. They haven't sold me anything.

    Sounds eminently reasonable to me. If I pay for something, I want to know it works. If I'm just aquiring stuff for free, I have no right to demand a warranty from anyone.

    Cheers,
    Ian

  • Easy! Just allow warrentee disclaimers only when source is available [not necessarily free]. The justification is that the user has the possibility of inspecting the code for problems that his use might cause, and fix them.

    No user can reasonably evaluate binaries for suitability [they'll have more than enough trouble with `c`, but at least could do it]. Yet no coder can predict all the crazy cases that users will run. There has to be some shared work.

  • "and objections raised to the resulting language by Red Hat lawyer Carol Kunze. Among other things, Kunze points out that Free software projects could be effectively discouraged from releasing software if software producers are required to provide warranties -- imagine trying to provide warranties on all the packages available to Debian users, for instance, or every bit of software included with Mandrake Linux."

    This is the cost of doing business. It sounds like RedHat just wants a "free-ride" without all the problems of competing in a free market. I think it would be a far greater travesty to allow legislation to seperate OSS/Free Software from proproetary software solution providers. Business is business and if you can't provide and reasonably (based on a legal definition fo reasonable, not some /. geeks idea of reasonable) support your product then you should not be in business.
  • What a shame that the world can't make up it's mind whether a piece of software is a functioning machine, or an expression.

    If it's an expression, then it's protected by Free Speech guarantees, and is copyrightable. And the concept of warranty doesn't make sense.

    If it's a machine, then liability and rental contracts make sense, but speech protection and copyright don't.


    When someone speaks an imperative command, you may decide to obey it. But when you do, the expression didn't magically just transform into a machine. You are the machine. Don't ever forget that. "Below every tangled hierarchy lies an inviolate level" -- Douglas Hofstadter.

    Keep the warranty and liability discussion limited to machines. It's the user's decision, what commands that machine obeys. If you don't want the risk, then don't run the software. And don't call me an elitist snob for saying that people should be responsible for their computers. Yeah, it's a hard responsibility to take. So what? Why should difficulty somehow get you off the hook?

    Medicine is a difficult topic to master as well, and those who have and given the title "Doctor." But that difficulty doesn't mean that people aren't responsible for their own health. Oh wait, that's exactly what some people are saying [go.com]... What a price, indeed.

  • Digital used to put out a document, called the software product description (SPD), and then warrantied that the software would perform as the SPD said.

    Users would either get a problem reported as a bug, and fixed, or could get their money back.

    Linux should do the same, each distribution should have such a document, stating what Linux does, and warrants against it. If a problem is found, either accept the problem as a bug, and promise a resolution. Or give the money back, that was paid for the distro.

    It isn't that far from the current Linux model, in that there is an army of people looking to fix various bugs, IE things that don't work as documented.
    • Exactly. And that's what you should get when you buy from Red Hat, as opposed to a free download. Quality control and a warranty. That's what the Linux companies can actually provide that's of value.

      If VA Linux had done that, maybe they wouldn't be trading for 63 cents, down from $200.

  • Would the UCITA warranty requirements apply to alpha and beta releases? I haven't seen any mention of this topic, so I'd assume that the law treats all software the same in this respect.

    If so, it would effectively stop such releases, since they would be a guaranteed legal and financial disaster. But clearly labelled alpha and beta releases are a very good approach to getting customer feedback, both for bugs and for features that are difficult to understand (or missing).

    This is one of the ways in which software is different from most other commercial products. It's fairly rare for companies to provide test versions of products to customers, though it does happen. But it's very common with software.

    If the UCITA inhibits alpha and beta releases, the result would be much lower quality software.
  • The Oklahoma warranty that comes with most software clearly states:

    If it breaks in half, you get to keep both parts.

    Offering a stronger warranty isn't in the best interests of developers, because it adds liability. That's certainly something that would add weight to "Trustworthy Computing" and "Unbreakable" databases. Until legislation (such as the UCITA) specifies what legal warranty a user can expect from paid software, I won't expect to get one.

    In any event, I'd expect different treatment for source code than binaries, seeing as how you can fix it if something breaks, or pay someone else who can.

    JH
  • Industry-standard warranties are designed to ensure mechantability. This is most applicable when the user doesn't have an option of what how to get support for what he's bought. With Open Source/Free Software, this is not an issue; the user can fix it himself or hire a third-party. If the user wants a warranty, then consider paying for one by buying a RedHat product; however, don't mandate that RedHat always provide one.

    In this day and age I'm certainly not a fully free-market advocate, but I certainly don't see a problem with having users simply pay for warranties when they want one. With Open Source/Free Software, they are free to choose their support; there is no reason to tie together the seller with the supporter. This tie is only true for proprietary software, where all of the support companies are beholden to the proprietary vendor.

Single tasking: Just Say No.

Working...