zlacker

[return to "Open source liability is coming"]
1. sevagh+F6 2023-12-29 18:40:30
>>daniel+(OP)
I find this article and the reactions here confusing. This seems to me like unequivocally a good thing for open-source devs.

Making commercial vendors who rely on open source software liable for bugs is fantastic news, that's how it always should have been. You can't have a commercial company throw their hands up and say "well github.com/cutefuzzypuppy is at fault for writing an open-source npm package we used so harm to our customers is not our fault!"

2. rebecc+Ca 2023-12-29 18:57:03
>>sevagh+F6
I think that this part of it could break either way, but the concern is that when faced with a choice between being liable for their own code or being liable for open source code, most companies will choose to write their own code. If so, that would be a net harm to open source and user freedom. I'm not sure it'll happen, but it might.

The biggest issue I see with this law is around liability for open source projects that people are using directly. It'll be disastrous if all open source software ceases to exist or be available in Europe because volunteers face legal liability if their code has a bug. In theory this could even impact people outside of Europe if they don't prohibit access to their code by EU citizens.

I release a lot of code on GitHub. Most of it is just random crap that I wrote to solve a specific need or to explore an idea, and I put it up under an open source license because why not? If it helps someone, that's great. Now I need to be concerned that the random "example-service" project I wrote in C and published a decade ago to go with a blog post I wrote will end up costing me all the money I have ever or will ever earn in my career.

3. lifeis+ab 2023-12-29 18:59:29
>>rebecc+Ca
> when faced with a choice between being liable for their own code or being liable for open source code, most companies will choose to write their own code.

Not even FAANG can achieve this for 1/10th of the code they rely on.

4. flir+Uc 2023-12-29 19:09:28
>>lifeis+ab
Hmm. They can probably find other companies willing to sell them support contracts, and take on that liability. Even for things that are open source. You're back to the old enterprise software model then, really, even if the code in question is "officially" open source. You won't be able to run versions that your supplier hasn't certified, and the rate of change will slow to a crawl.
5. Aerbil+Qe 2023-12-29 19:21:18
>>flir+Uc
> You won't be able to run versions that your supplier hasn't certified, and the rate of change will slow to a crawl.

Interesting times indeed. Though I think open source software generally is reliable enough that companies will simply continue business as usual and take on all the liability. They have enough deep pockets to pay compensation that one time something goes wrong, or at least that's my impression.
