zlacker

>>daniel+(OP)
I find this article and the reactions here confusing. This seems to me like unequivocally a good thing for open-source devs.

Making commercial vendors who rely on open source software liable for bugs is fantastic news, that's how it always should have been. You can't have a commercial company throw their hands up and say "well github.com/cutefuzzypuppy is at fault for writing an open-source npm package we used so harm to our customers is not our fault!"

>>sevagh+F6
The article is misleading unless you read the whole thing and the reactions are standard knee-jerk ones from HN users that didn't need to read past "EU" to assume the worst possible misinterpretation.

>>omnico+98
I read the article, but it was quite ambiguous, at least to me. It isn't very well written / clear on what is actually going on.

>>within+p9
I agree it's very ambiguous, but if you read the whole thing it's clear that when dev A releases code under an open source license and it's included in a commercial product by company B that then harms person C, the liability will be on company B. Most of the hot-under-the-collar responses here are assuming it will fall on dev A, which is a misinterpretation the article's author did not do much to discourage.

>>omnico+5a
Actually, I may have missed buried lede in this case where there is no company B, and citizen C is harmed by dev A's github project.

That is actually kinda concerning, if my MIT license of "no guarantee" won't protect me.

Other commenters who got it:

>>38808821

>>38808756

>>sevagh+2b
That is concerning, but I think the author’s interpretation of the upcoming regulation may be wrong.

See here for example: https://www.euractiv.com/section/digital/news/eu-updates-pro...

Specifically: “The Directive will not apply to free and open-source software developed or supplied outside a commercial activity. The liability rules apply when the software is supplied in exchange for a price or personal data used for anything other than improving the software’s security or compatibility.”

IMHO the original article is either wrong or trying to spread FUD.

My take is, if this law passes, I’m an EU citizen, and I use your MIT software without paying you and without engaging with it through some service of yours (e.g. sevaghbook.com) then you’re not liable if I get damaged.

>>fipar+xd
Basically EU will treat open source devs as idiots by preventing them from making living off it. And you feel that's fine?

>>trepri+hF
I have no idea how you interpret it this way.

How does being liable for damages caused by software or services you sell equate to being an idiot? I just see it as the normal way to do business, and the reason why limited liability (the way I’ve been doing business for more than 2 decades) exists.

>>fipar+xI
Example: I will make a library controlling some integrated circuit as open source and charge money for commercial use. My software has a little bug that occasionally causes misreading of the IC values. A military software company uses my open source library in their nuke platform. My library misreads values on one nuke that goes off. Are you telling me I am going to be liable for that? Let's say independent multi-pass root cause analysis pinpointed the problem to my library and only to my library.

>>trepri+H01
If you did not sell the library to the military software company then no, it’s them whom are liable (assuming they did sell their software, that uses your library, to whomever had the nuke that went off) and not you.

IANAL but it seems clear cut to me: if you asked for money in exchange for your software (or to access to your software through an API or similar), or if you asked for personal information (in exchange for your software) then you’re liable, otherwise, you’re not.