I know the discussion has now moved more specifically into the liability for opensource developers, but I think my main gripe with the situation is not that companies in the software industry aren't made liable for their mistakes but that companies in the software industries are treated different from companies in other industries. For example the point about a disclaimer being invalid for a car maufacturer because they are a for-profit company, then why are Adobe seemingly allowed to disclaim fitness for purpose, quality of the product, and deny themselves liable for any faults, etc.

I am unsure how I feel towards opensource or non-profit organisations. My first feeling is that maybe they should be made liable, but the amount of liability restricted somewhat, or rather heavily depending on the circumstances. Surely if there was a case against a particular open source organisation and the damages where such that it didn't destroy the org, but was heavy enough that it made the org think about how they went about software developing thats a good thing? Of course there are a lot of factors that would need to be taken into account and considered. Anyway I don't know, some food for thought however

QUOTE :: by dark helmet
" I'm still just in law school. But don't worry, there's plenty of time for school to suck out the rest of my humanity "

"tax the bill !! tax the bill !! " , i was once being told by a grandma
"nah ... what for ..." , i replied , geeeze !! i dont even know what she was talking about !




ok ... just kidding ...

infact , sometimes i'm just curious about what would be the differences between a "normal" lawyer and an open source lawyer(or rather lawyers for the open source ?? i donno) , would there be any differences between these two kinds of lawyers , or theres simply no such thing as an "open source" lawyer ...


hope that you dont mind my layman un-researched language ...

close, the reason products like CARS can not use this type of disclaimer system is simple, well not quite, but you see what i am talking about, is due to the fact that the manufacture has 100% control over every aspect of their product. Yes this includes 3rd party bits they buy to add to their vehicle like tires. Then there is also the amount of money that goes into testing, retesting, and testing again of their product, not to mention the gov. regulations.

If all cars were "perfect" as the guy who wrote this article seems to think, then why do cars break down, why do they do strange things, why , why, why, why...? Simple, they are not perfect, but they do meet a min. standard set by some governing body and that was after spending millions of USD on testing.

The crash test is the best example of this testing and regulation process. why is it that there are multiple levels for crash test safety? Simple because it is NOT possible to build perfect. Humans are not perfect and never will by nor will they ever be able to build the perfect car.

So gov. have set minimum standards that vehicles have to attain before they can be "SOLD" to the general public or even to a single individual. So yes after millions of USD, years of testing behind closed doors, fixing, and fixing again after more testing, more millions and you still end up with a product that requires recalls all the time. the recalls are just no longer made public unless they are considered "life threatening".

The end result of that process is products that cost tens of thousands of dollars. This is why the cheapest car on the market today in the US starts around $13,000 and cars can go up into the $100,000.00 range and MORE. Why? simple all of the millions of dollars spent in developing a broken product that meats the min. gov. standards set by some agency to satisfy the public with a "reasonably safety" when they buy a car.

does that mean that a geo metro is as safe as a volvo? hell no, but it is legal to sell to the general public. there is no disclaimer for them. heck if you ask a car sales man for a safety crash test rating, you know what kind of response you will get? "go look for it" they will not give it out. why? simple it is your "implied safety". yet car makers, and car dealers do it all the time and get away with it.

So lets apply this to the writer of the articles thought for making ALL makers of software liable for any and all damages cause by faulty code.

1. this is the END of open source software.
2. software will start to cost as much as cars.
3. software will still not be 100% flawless.
4. software will still break.
5. companies who do not have 100,000,000.00 + in their bank accounts will no longer be able to legally produce code because they can not afford the risk or the productions, testing costs.
6. this will be the end of innovative software except for from a few companies who do have the 100,000,000.00 in their accounts.

is this really what anyone in the computer world wants except Bill Gates and his cronies? I know it is not what i want.

I can see holding companies like MS, Adobe, Apple more liable for pore code that was improperly tested and code that has not been fixed in years (can we say several of the security problems with the NT kernel that have been around and are still around since NT4) and are no were near being fixed any time soon. Holding some pore guy financially liable for a bit of software he wrote and stated hey look at this and use it if you want is a bit different.

you mentions that the agreement between 2 parties is acceptable, this is a large part of the GPL/GNU as i understand it. this is not the way Microsoft, Adobe, or any other large producer of close source software works. This is the difference between Closed and Open source codes, that and the MONEY involved.

All the writer of the article is going to succeed at doing is killing the open source world and putting more money in the pockets of companies like MS. If you hold the creators of software financially liable for bad for everyone not just open source, but for the public, and closed source companies too.

things will cost more money, they will not be as innovative, they will take longer to be released, thus not keeping up with the hardware technology, etc...

sorry, but i do not see how holding the closed source community to the same financial liabilities as the closed source community is fare.

Ok, this might be a poor choice, but I'm going to try and consolidate my responses here...

Central to the argument of the disclaimer is public policy. Lleb_Kcir touched on it briefly with this:
What I want to focus on is the "minimum standards" phrase used. That's the same thing as the "reasonable person" standard - just not in the same words. There's a qualifier in there that these standards only apply to things sold. That's where I have to disagree, and here's the rationale:

The regulations/minimum standards are in place to protect the public from unnecessary risk - to guarantee a minimum of safety. The public desires and expects that minimum standard whenever any product is distributed to the public. Free or paid-for, the product must meet these same minimum standards. The goal of public protection is not served by allowing for blanket exceptions based on cost.

Let me give another illustration by relating it back to the car industry (hang on primo, I'll discuss my broken record approach to analogies )

First, assume that the law did recognize a distinction between paid-for and free products. Specifically, that free products do not have to meet the minimum standards of care. What happens? The car dealerships change their model, very quickly. They are no longer selling you the car, they are giving you the car as long as you buy a service contract with them that costs, roughly $20,000, $30,000, or whatever. And there you have it, the auto maker is free from liability because the car was free in the truest sense of the word, and the dealership is still turning a profit. Essentially, nothing has changed, but we have a net drop in the level of protection for the public.

It doesn't take much effort to see a similar scheme could develop with software, especially considering all the licensing games we're all familiar with.

So, I hope that gives a little insight into the argument from my side that free vs. paid should not make a difference from a public protection standpoint when the software is provided to the public at large.



Would enforcing liability have an impact on open source? Sure it would, but there's already disagreement on how much impact. Lleb_KCir views it as the end of open source:
primo seems to favor the other side of the coin
I know it's not obvious from the quote, but it was in reference to identifying negligently included code, in an effort to prove breach earlier. The implication is, if it's hard to establish, it's hard to assign liability. If it's hard to assign liability, then the law really has only minimal effect, if any.

Alright, so Lleb_KCir and primo... 1... 2... Discuss!

Can the open source system be viewed as a "natural" system? Sure, as long as I understand the concept. At the same time, I also recognize the free market as a "natural" system. There are internal forces at work that govern how the system evolves, and are supposed to promote improvement. But the free market doesn't operate ideally, and very few people would say we should remove all regulation and just let the market take its natural course.

As a side note from a philosophical perspective (just as an observation - not meant as a discussion topic): where is the line drawn for what forces are included in a given system, and what forces are excluded? From a technical, practical, and philosophical standpoint, isn't any force capable of influencing the system (such as the government) necessarily a part of that system? Wouldn't those forces just bring out a natural response?



Enforcing liability on open source developers is not fair from the perspective of the developers. It is fair from the perspective of the public. And "fair" might not be a really appropriate word to apply. "Necessity" would probably be better. Whether fair or not, enforcing liability is necessary to maintain the protection of the public at large: coders, doctors, elderly, children, the "intellectually challenged", etc.



As promised, now the business about analogies.

Let me start by drawing an analogy... Just kidding!
Analogies are the foundation of law. Lawyers and judges are handed a bunch of rules by the legislature and told, "Go!" Those rules have words that must be interpreted. As time goes on, judges flush out what those words mean by deciding that situation X violates the rule and situation Y doesn't. So attorneys and judges are required to make analogies between X and Y to help them understand what the rule is saying. No set of circumstances will be identical to any previous case. There will always be a "but in this situation..." argument, and analogies guide in determining whether that "but" is relevant or not.

Also, analogies serve another purpose. The help extend the law to cover unanticipated events. The law shares the software philosophy of "don't reinvent the wheel." Laws are necessarily restricted articulations of an idea or concept. There is an underlying purpose behind the law that goes beyond its face value interpretation. Lawyers and judges will fallback on that purpose when the wording of the law fails to apply. Doing so requires an analogy to be drawn between sometimes very distinct areas, such as the automotive industry and software. The analogy is given as a hypothetical situation that can be twisted, tweaked, turned, and otherwise modified to approximate an ideal real-world example of that purpose. That's really the only tool lawyers and judges have in their toolbox. They can petition the legislature to write laws to address specific instances, but until that happens, they have to use analogies. The courts can't simply throw their hands up and say, "I give up! There's no law on the books about this."

So let everyone reading this be aware: when speaking with an attorney or judge, they will always use analogies because it is so heavily pounded into them as a way of life. There's also a nasty habit of them spewing out "what out this?" and "what about that?" chains of questions. It's nothing personal


And lastly, I made a poor choice of words:
That sort of implies chaos and unpredictability. There is certainly some unpredictability, but it is marginalized. Changes in the law are generally very gradual, because nobody wants unpredictable law, but yes, it can change. For the most part, courts are bound by previous decisions. If a higher court has made a ruling on a subject, the lower courts must follow their lead when presented with fact situations that clearly resemble the higher courts decision. Courts just can't say, "I don't agree with that previous decision, and I'm going to do my own thing." In doing so, an appellate court is likely to say, "Uh, dude, yeah, you are going to follow that previous decision." That scenario is not how the law changes and evolves. Typically, a lower court does what it's told, and applies the law according to precedent. One of the parties appeals to a higher court, and the court then says, "Yeah, the law in this jurisdiction has been X for years, but society has changed, and the interpretation of the law needs some revision."

Also, the courts aren't active in this process - they are passive. There may be hundreds, thousands of laws the courts would reinterpret given today's society, but they have to wait until someone challenges or tries to enforce that law.

I think I'm getting off-topic there, but I hope I got the idea across. The only entity that can enforce a switch-like state of liability would be the legislature, and we all know how speedy those guys are.

One other thing:
Oh no, I never said I agree with it I still haven't made a decision about that. The example was to show that even if the click can substitute for a signature, the disclaimer proposition still isn't supported.

When you buy a car you're paying some of the costs related to development, testing, marketing, taxes, etc. If you sign a contract where you renounce some of your rights in exchange for the money you didn't pay, then a court has to decide whether they're legal or not, and the car maker cannot be sure to be immune from this liability. But these contracts don't exist in the car industry. With software everyone assumes them and this is why I call them "natural" and this applies to the standard of good-practice too. Abuse belongs mostly to the $$ software industry where the euphemism "a bug is a feature" is the most common violation of common sense. Why refuse open source the privilege to be self-regulated if it has succeded so far? It's a new phenomenon and we're all benefiting from it as it is. Every good vs bad aspect of it overlap each other and there's no way to regulate it without diminishing its potential. Anyway I expect it some day to be challenged in courts, but it isn't obvious what is best.

Actually, in your example, you touched on a separate topic that influences whether disclaimers and licenses are legally recognized.

In our discussion, it's actually the reverse: the public can't negotiate for or against the license or disclaimer specifically. It's a take-it-or-leave-it proposition. These kind of "agreements" are standardized, form contracts (also known as adhesion contracts). I used the quotes around agreement earlier to indicate there's growing disfavor in the courts about these type of contracts and whether they should be enforceable

As always, there are reasons for and against. Some reasons for enforcement are pretty straightforward:

• There's benefit of legal history - it may be known how a section is interpreted by the courts
• It saves time and money - agreements can be "lego-ed" together
• It increases overall predictability with contracts

Some reasons against:

• Only one side has had the benefit of legal expertise in crafting the agreement
• The terms of the agreement can be couched in confusing and obscure language - reducing the likelihood of a clear understanding by all involved
• One side has all the power and can enforce its view on the other - there is no opportunity to negotiate

If it seems like a tough call, it's because it is. Like I mentioned, there's disagreement among jurisdictions, which means the judges themselves aren't sure - the arguments for both sides are compelling. But things are currently moving toward unenforceable.

And anybody thinking ahead, this could affect daily life profoundly. An apartment lease is a standard form agreement. Waivers when you purchase travel tickets are standard form agreements. And so on... Those standard forms might stick around, but if they're declared unenforceable, then good-faith effort could be required to negotiate one party's requested change. Sort of like the car contract example you gave to start.



Also, that's in conjunction with the public policy concerns. So there are at least two hurdles the disclaimer would have to clear before being recognized.


And I'll agree with you, that nobody knows which is better from an overall standpoint. As the occasional developer, I'm not exactly excited about possible liability. As a more than occasional consumer, it gives me a warm and fuzzy feeling that whatever I pick will work within reason, or I have some recourse if it doesn't.

This confidence is definitely not desirable and counter-productive. With a disclaimer, the user could not say he wasn't warned. The professional way for open source developers would be to make the user aware of the current experience so far, and to provide patches. Holding the developer liable would not prevent bugs. It would hamper innovation and it would anonymize open source making it even more vulnerable (with the potential side-effect that we wouldn't know who's who behind the software we're using). It is both a moral and pragmatic decision not to do so, and it has been our involuntary choice. Let's not forget that open source is a different approach for the use of software where the user is required to know a little bit more. The source is open, it was given to you as it is, and its fitness for purpose is based on the wish that it would be useful. The community is not divided into developers and users, we're all into it as we all can (if we wish) browse the source to know about unintended features, patch bugs (thus self-correcting itself), etc

That discussion would lead us down a path where personal belief or personal preference rule.

The position you're taking is a hands off approach. Let nature take its course. Who knows what might develop or whether interference would possibly destroy the chance for a better system to evolve. That is absolutely true. From a pure, objective analysis, you want the system to explore all possible paths, or you risk destroying the chance to find the optimum. It's trying to optimize increased performance in minimal time. The less restricted the system, a greater level of exploration is achieved.

The counter position is the system will not collapse by placing restrictions. By putting these forces (such as liability) in place, we are encouraging a particular aspect to develop more quickly - perhaps at the detriment of one or more aspects. It's prioritizing, and it may take longer to find the optimum system with those restrictions in place. Or those restrictions could make it impossible to find the optimum at all. However, it doesn't need to be optimum - just "good enough." That's true because we will never know our current system is optimal, and more appropriately practical limits often prevent implementation of systems perceived as better. Will improvements be slower? Sure, it would be silly to think they wouldn't be, but it will continue to improve.

And just to touch on...
I can't agree with that because easy to install distributions are readily available. There is no requirement that the user know anymore than a Windows or Mac user. Anyone can pick up the CD(s), install, and use open source software without possessing any more knowledge than how to click the install button. I would even go so far as to say they would not even see a single license or disclaimer in the install process, but my memory is not so good from the last time I installed FC4.

I'll agree, participation in the open source development model requires greater knowledge, but users aren't participating - they're using.