[long] Re: Legal traps in open source

Simon Fowler simon at himi.org
Thu Oct 31 02:13:22 EST 2002 

On Wed, Oct 30, 2002 at 07:17:40PM +1100, Alex Satrapa wrote:
> Would you make coffee with hot water?

As an aside, the McDonalds case you're referring to here was quite
reasonable: they'd repeatedly ignored similar cases, and were
serving their coffee far hotter than was safe, despite the fact that
it had caused injuries in the past. /That/ is a classic case of
negligence.

> Would you expect floors to be wet when you wash them?
> 
> Would you expect people to sue you if:
>  - They span their car off your gravel road because they lost traction?
>  - They electrocuted themselves by attempting to dry their hair in the 
> bath?
>  - They suffered a severe allergic reaction to the peanuts in your bag 
> that is labelled "mixed nuts"?
>  - After jumping over a 2m, barbed wire fence, they were run over by 
> construction equipment?
> 
> Right now, that's the environment you'll be releasing your "sue me ware" 
> into.  Once the courts can figure out how to throw out stupid claims, 
> yes, I expect software developers to take full responsibility for the 
> code they write.
> 
And what's to stop anyone from suing me /now/? As it stands anything
I sell in Australia has to meet standards of merchantability, and
carries an implied warranty - if it screws up, there isn't anything
an EULA can do to disclaim either of those. Aside from, of course,
not selling it - hello free software.

I'm really surprised this hasn't happened already, actually, given
the kind of crap that gets sold. I imagine it /will/ happen
eventually. 

> Imagine you wake up one morning after releasing the latest version of 
> Config::IniFiles (a Perl package that lets you use INI style config 
> files), and someone is suing you because it doesn't handle Java 
> Properties style config files.
> 
> Or what about a geniune mistake, such as the fact that in a file like:
> 
>   [Section]
>   value = parameter
> 
> ... your software doesn't realise that there's supposed to be a space in 
> front of the "p" as in " parameter"?
> 
> At present, thankfully, people are willing to say, "hey, please fix it!"
> 
Can you actually cite any cases where people were sued for that kind
of thing? I'm not entirely sure I'd believe it, even of the US legal
system . . . 

And in any case, how would being unable to disclaim liability change
things? It's always possible to sue, regardless of any EULA, and
givent he dubious legal standing of EULAs I'd be surprised if there
weren't plenty of greedy lawyers eager to challenge them. 

> Perhaps a good half-way point would be to limit damages to two times the 
>  money that the developer has ever made from the software?  This would 
> encourage big fish like Microsoft and Sun to clean up their act, while 
> not punishing the small fish like Sam Couter or Alan Cox* for being 
> small fish.
> 
How about we simply apply the same standards of liability as we do
now? They work fairly well, all told: they don't unduly constrain
business, and they proved a reasonable means for customers to
protect their interests. And they /can/ be applied to software. 

As I understand it (and I'm definitely not a lawyer, thankfully),
outside of gross negligence, where some error results in injury or
serious financial loss, you can't sue someone over a gift: the
assumption is that the receiver is responsible for ensuring that
dumb things won't happen. If you sell something, then barring gross
negligence the damages are proportional to the purchase price. So,
if you screw up seriously, you're liable for whatever the court
decides, otherwise you're only liable for something along the lines
of the original purchase price. What, exactly, is so terrible about
this?

It might be different in the US (though I suspect the fundamentals
are about the same), but I don't particularly care, since I'm not
/in/ the US. 

I'm quite happy to release my software given rules along the lines
of those above. I'd probably be happy to sell software, too. I don't
expect to be sued unless I've made some serious mistake, and if I
did, then I'd probably deserve to be sued. 

I think ultimately it gets down to this basic issue: I'd be very
reluctant to buy a car or a toaster or a TV or whatever if the 
manufacturer was going to disclaim all responsibiliy for the proper 
working of it. Why should /I/ as a software developer be held to 
lesser standards?

Simon

-- 
PGP public key Id 0x144A991C, or http://himi.org/stuff/himi.asc
(crappy) Homepage: http://himi.org
doe #237 (see http://www.lemuria.org/DeCSS) 
My DeCSS mirror: ftp://himi.org/pub/mirrors/css/ 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20021031/b6c5d424/attachment.bin

More information about the linux mailing list