[return to "Open source liability is coming"]
1. sevagh+F6 2023-12-29 18:40:30
>>daniel+(OP)
I find this article and the reactions here confusing. This seems to me like unequivocally a good thing for open-source devs.

Making commercial vendors who rely on open source software liable for bugs is fantastic news, that's how it always should have been. You can't have a commercial company throw their hands up and say "well github.com/cutefuzzypuppy is at fault for writing an open-source npm package we used so harm to our customers is not our fault!"

2. omnico+98 2023-12-29 18:46:10
>>sevagh+F6
The article is misleading unless you read the whole thing, and the reactions are standard knee-jerk ones from HN users that didn't need to read past "EU" to assume the worst possible misinterpretation.

3. within+p9 2023-12-29 18:51:36
>>omnico+98
I read the article, but it was quite ambiguous, at least to me. It isn't very well written / clear on what is actually going on.

4. omnico+5a 2023-12-29 18:55:04
>>within+p9
I agree it's very ambiguous, but if you read the whole thing it's clear that when dev A releases code under an open source license and it's included in a commercial product by company B that then harms person C, the liability will be on company B. Most of the hot-under-the-collar responses here are assuming it will fall on dev A, which is a misinterpretation the article's author did not do much to discourage.

5. sevagh+2b 2023-12-29 18:59:09
>>omnico+5a
Actually, I may have missed the buried lede in this case where there is no company B, and citizen C is harmed by dev A's github project.

That is actually kinda concerning, if my MIT license of "no guarantee" won't protect me.

Other commenters who got it:

>>38808821

>>38808756

6. fipar+xd 2023-12-29 19:13:19
>>sevagh+2b
That is concerning, but I think the author’s interpretation of the upcoming regulation may be wrong.

See here for example: https://www.euractiv.com/section/digital/news/eu-updates-pro...

Specifically: “The Directive will not apply to free and open-source software developed or supplied outside a commercial activity. The liability rules apply when the software is supplied in exchange for a price or personal data used for anything other than improving the software’s security or compatibility.”

IMHO the original article is either wrong or trying to spread FUD.

My take is, if this law passes, I’m an EU citizen, and I use your MIT software without paying you and without engaging with it through some service of yours (e.g. sevaghbook.com) then you’re not liable if I get damaged.

7. dqv+ol 2023-12-29 19:58:10
>>fipar+xd
Why none of these articles (neither TFA nor the one you're linking) link to the actual directive is beyond me.

But here it is:

https://www.europarl.europa.eu/RegData/etudes/BRIE/2023/7393...

> With the aim of not hampering innovation: (i) free and open-source software developed or supplied outside the course of commercial activity, as well as (ii) the source code of software, should be excluded from the definition of products covered under the proposal.

8. eggsbo+1M 2023-12-29 22:48:14
>>dqv+ol
Still not clear to me. What about a company open sourcing some libraries used in its product? Will it be liable? Or would this be 'supplied outside the course of commercial activity'?