Programmer Accountability
May 22nd, 2009
The European Commission is thinking about extending consumer protection laws to cover bugs in software. Unsurprisingly, the Business Software Alliance is opposed
And I guess that the open source community is opposed too (unpaid contributions with the risk of a liability lawsuit?)
Haven’t seen any reaction from any open source projects yet — links?
The GPL has pretty explicit language on “disclaimer of warranty” (Section 15) and “limitation of liability” (Section 16).
On the other hand, the GPL language explicitly allows you to charge for GPL software and offer a warranty.
Jordi is correct, http://blogs.zdnet.com/open-source/?p=4240
Here’s a link to a discussion:
http://www.linuxjournal.com/content/should-software-developers-be-liable-their-code
Lots of Free Software developers are skeptical about the European Commission and for good reason: the Commission consists of people who repeatedly try to push through bad legislation implementing things like recognition for software patents, and they do so through increasingly opaque methods.
One risk (noted in one comment in the referenced article) is that liability requirements lead to “certification” requirements: that some hardware can only be shipped with “certified” software, presumably of a proprietary nature. The last thing we all need is a tightening of software bundling practices which have led to the current, dismal lack of choice in the “consumer retail” sector.
Another risk involves the parallels this proposal has with the previous attempts to widen patentability: if you add a special instrument to regulate some market, you can be sure that such an instrument will be used to set aside the existing rules. So, where a patent holder can say that you can’t distribute a product even though you thought it up and made it all yourself, so might the result of liability legislation be that unless you transmutate your open source software into something resembling a locked-down proprietary product, you don’t get to ship software at all.
You can imagine who benefits in that situation, and given that the Commission isn’t elected, you can also use your imagination about where the ideas for such legislation are coming from.
We had a round-table at the PyGTA on Tuesday. http://blog.vrplumber.com/index.php?/archives/2334-Notes-from-PyGTAs-Programmer-Liability-Round-Table.html is the write-up from that. Lots of discussion from both sides of the track. IIRC Andre Morton (kernel dev) also came down on the negative side (for whatever reason).
Most of the arguments seemed to come down to “are people really willing to pay for it and deal with the restrictions?” Any non-trivial guarantees (e.g. damages or life liability) require that the programmers receive sufficient compensation to do the work of making the software “insurable”.
There was a lot of debate about whether the government should mandate or the market should dictate. All in all, no resolutions, just lots of discussion.
Unlimited liability without recompense seems unreasonable, as does simply mandating that anyone who contributes anything should be held responsible for whatever happens regardless of how many assumptions of the code are being violated.
Has the GPL’s language on liability ever been tested in court?
Oh, and Principles of the Law of Software Contracts will have an effect on things as well.
This seems like a good idea to me. A big part of me believes that the reason we “cannot predict with a high degree of certainty … potential performance [of software]” is because no one cares. If I am not liable for my software, what incentive do I have to iron out the very last bugs in my software before I release? I’ll fix bugs when (and if) they are found. This is especially easy when my competitors have the same strategy, and when everyone gets to hide behind the same misconception of the halting problem. If we add some liability, there’s a chance that people will actually put some reasonable effort into software quality. Finally, all those people with formal methods PhDs under their belts will have something to do.
As for the potential harm done to the open source community, yeah – that could be a problem. I’m not willing to lose open source software over liability issues. But it seems clear to me that you should have to pay me for my product in order for me to be liable for it. I don’t know if it actually works that way, but it seems like it should. If a company is trying to make money with an open source product, then they can make the effort to verify its correctness and they can be liable. It could even potentially help the open source community – if static analysis tools become prevalent, it becomes much easier for open source project maintainers to include patches because they won’t have to worry (as much) about introducing bugs/security holes. Alright, fine… that wasn’t a great argument. But I don’t think it would be the end of the world for OSS.