zlacker

[return to "Open source liability is coming"]
1. monoos+K7 2023-12-29 18:44:26
>>daniel+(OP)
There seems to be some confusion in the comments regarding what this means for people releasing open source software.

The article makes it clear that (as the author understands it, at least) someone who uses open source software in their commercial product is liable; the people who wrote the open source code [1] are not.

> If a user is harmed by software, the person they paid (targeted ads would count) must compensate them for the harm – unless the software provider can prove their software played no role in the ... harm. If open source resources are [used by] your code, you’re responsible for their performance too. *The open source resource licensed away their liability to you*.

(Emphasis mine)

[1] Assuming they used a license that limits liability, such as Apache.

2. pylua+z9 2023-12-29 18:52:19
>>monoos+K7
The article says it is not clear who provides relief if the user directly uses open source with no middleman. That is the most concerning part for me.
3. sgt101+5c 2023-12-29 19:04:31
>>pylua+z9
If you use open source you are accepting the license that says that there is no liability. This is similar to going walking in a national park: there is no liability for an injury that you incur. This is very different from walking in a shopping mall. If you fall in a hole on a mountain this is your problem. If you fall in a hole in a mall it's the mall's problem.

The article is attempting to create a scare about things that have always been true. If a telco's services crash the telco has to compensate customers even if it was a Postgres failure that caused it by failing to authorise handsets for a connection in a cell. For example.

4. orange+Oe 2023-12-29 19:21:05
>>sgt101+5c
> If you use open source you are accepting the license that says that there is no liability.

The article directly contradicts this:

> What if an open source project is used directly by consumers, and causes them harm? The public policy is clear: they must be compensated. Does it matter if they signed a license or didn’t pay someone? Their business is bankrupt, their files are in a hacker’s hands, or their own customers are suing them. Someone should be strictly liable.
