a proposed change to the OSD

Nathan Kelley digitaleon at runbox.com
Sun Nov 3 10:42:09 UTC 2002

To OSI License Discussion subscribers,

>>> From: Bruce Dodson <bruce_dodson at hotmail.com>,
>> From: John Cowan <jcowan at reutershealth.com>,
> From: Lawrence E. Rosen <lrosen at rosenlaw.com>,

>>> If there is no contract, you can't contract away liability.  But if 
>>> there's no direct relationship between you and the recipient (such 
>>> as a contract), it's hard to conceive of a way that you could be 
>>> held liable in the first place.  At least I, a mere software 
>>> developer, cannot conceive of one.
>> That used to be the law.  But people got tired of buying useless 
>> and/or dangerously defective products from stores and getting this 
>> answer:
>> Store: I had no way to know it was useless/defective: try the 
>> manufacturer.
>> Manufacturer: You and we have no privity of contract: try the store.
>> So after enough people got angry enough, the law was changed. Now 
>> manufacturers are liable for the useless/defective products they 
>> produce *to the ultimate consumer*, under a fiction of "implied 
>> warranty": the manufacturer is deemed to have issued such a warranty 
>> whether he has or not.  The warranty disclaimer is an attempt to 
>> dispose of this obligation, and 1) it may not work at all in some 
>> jurisdictions, and 2) it surely will not work unless the manufacturer 
>> SHOUTS it at the consumer in an unmistakable place.
> Yes, what John says is true.  And so we find ourselves in a situation 
> where manufactured products intended for consumers are covered by 
> mandatory warranties under federal law.  (Even some products that 
> contain Linux software in them!)  And there are effective product 
> liability and consumer protection statutes in nearly all states that 
> make manufacturers and distributors liable for the crap they foist on 
> the unsuspecting public.

OK. Let me see if I have this issue correct:

(1) Many open-source licenses are essentially Copyright Notices that 
place various restrictions on what can be done with the source code 
they cover, in accordance with the OSD and with how the author wishes 
their package to be used. These mainly deal with modification, 
re-distribution, and disclaiming liability & warranties.

(2) The consensus among legal experts here is that a Copyright Notice 
is not sufficient for disclaiming liabilities & warranties; for that, a 
contract must be used. As usual, to form a valid contract, the parties 
involved both have to agree to the contract and a consideration has to 
pass between the two.

(3) In view of the fact that many open-source packages are also gratis, 
the majority opinion is that consideration in this case is the act of 
downloading or otherwise obtaining the software, as opposed to 
receiving monies.

(4) Recent court cases plus advice have both indicated that mere use of 
a software package is not sufficient assent to form a contract; the 
terms of the contract must be displayed clearly, and an indication of 
the assent to the terms at that time must be given before the terms 
become enforceable.

(5) Sybase, a corporation that deals in back-end solutions for the 
enterprise, has submitted a license for review that will be used as a 
'click-wrap' license, so that an enforceable contract can be formed. 
This was based on the evidence in the above point.

(6) There is widespread concurrence on speculation that software 
developers will be legally held liable for software defects that affect 
their customers. If not now, then in the future (as per your point 

(7) The above points, put together, pose a conundrum for Open Source: 
If developers take the contracts route, they inherit all the caveats 
mentioned thus far, plus uncertainty how well they are actually 
protected. If they don't, they expose themselves to the sorts of 
liability that makes creating Open Source impractical for individuals 
or smaller organisations.

Making products available gratis isn't going to help; after all, 
Internet Explorer is gratis, but many organisations use it as an 
essential part of their desktop infrastructure. If there was a major 
defect in Internet Explorer that caused any particular enterprise 
customer revenue loss, would this really stop them from going to court? 
If it did, you could bet that every single business lobby group in your 
country would be petitioning your government that same afternoon to get 
the law changed.

Russell Nelson has made two key points in this discussion:

"The time is coming when you won't be able to distribute software 
unless you have presented the license to the user and their assent is 
necessary to access the software. Even free software. Our industry is 
maturing and we need to be more legally careful and rigorous."

"Imagine, if you will, that a large proprietary software firm (or 
consortium) wishes to destroy open source software. If they can require 
that all software come with a warranty, the job is done -- time will 
cook the soup."

It appears in both of these that he was spot on, and if the Open Source 
community, which includes us, does not respond correctly, then Open 
Source might be made to disappear. Sounds impossible, right? Laws make 
the impossible possible.

All that said, there have been some good points in this discussion, 
especially from you Larry, about how to get through, or at least 
around, these issues. Basically, all we need at this point is some 
certainty around how courts are likely to tackle these questions. I 
don't want to see any developers taken to court, but I have to admit it 
could be very helpful at this juncture...

> Someday UCITA may do these things for software.  Do you want that?  Do 
> you want the open source community to try to influence the shaping of 
> laws like UCITA?

No, and yes, in that order. Events in the U.S. concern me since our 
current government sucks up to George W and his team wherever possible. 
A quiet word from one to the other and UCITA would find itself being 
debated in the Australian parliament faster than you can say 

My question, though: who is UCITA truly designed to serve? The public?

Cheers, Nathan.

license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3

More information about the License-discuss mailing list