1. sevagh+(OP) 2023-12-29 18:59:09
Actually, I may have missed the buried lede in this case, where there is no company B, and citizen C is harmed by dev A's GitHub project.

That is actually kinda concerning, if my MIT license of "no guarantee" won't protect me.

Other commenters who got it:

>>38808821

>>38808756

replies(1): >>fipar+v2
2. fipar+v2 2023-12-29 19:13:19
>>sevagh+(OP)
That is concerning, but I think the author’s interpretation of the upcoming regulation may be wrong.

See here for example: https://www.euractiv.com/section/digital/news/eu-updates-pro...

Specifically: “The Directive will not apply to free and open-source software developed or supplied outside a commercial activity. The liability rules apply when the software is supplied in exchange for a price or personal data used for anything other than improving the software’s security or compatibility.”

IMHO the original article is either wrong or trying to spread FUD.

My take is, if this law passes, I’m an EU citizen, and I use your MIT software without paying you and without engaging with it through some service of yours (e.g. sevaghbook.com) then you’re not liable if I get damaged.

replies(2): >>dqv+ma >>trepri+fu
3. dqv+ma 2023-12-29 19:58:10
>>fipar+v2
Why none of these articles (neither TFA nor the one you're linking) link to the actual directive is beyond me.

But here it is:

https://www.europarl.europa.eu/RegData/etudes/BRIE/2023/7393...

> With the aim of not hampering innovation: (i) free and open-source software developed or supplied outside the course of commercial activity, as well as (ii) the source code of software, should be excluded from the definition of products covered under the proposal.

replies(2): >>fipar+Tx >>eggsbo+ZA
4. trepri+fu 2023-12-29 21:58:08
>>fipar+v2
Basically the EU will treat open source devs as idiots by preventing them from making a living off it. And you feel that's fine?
replies(2): >>warkda+sx >>fipar+vx
5. warkda+sx 2023-12-29 22:18:24
>>trepri+fu
If open source devs make a living off it by charging users for money (or PII), the devs should be liable for the code they are selling. It does not matter if it is open source. Whoever makes a commercial offering based on that software must be liable.
6. fipar+vx 2023-12-29 22:18:50
>>trepri+fu
I have no idea how you interpret it this way.

How does being liable for damages caused by software or services you sell equate to being an idiot? I just see it as the normal way to do business, and the reason why limited liability (the way I’ve been doing business for more than 2 decades) exists.

replies(1): >>trepri+FP
7. fipar+Tx 2023-12-29 22:21:53
>>dqv+ma
Thanks for linking to the actual directive!

In light of it, I think the article I found didn’t link to it out of sloppiness, because their summary seems reasonably accurate to me, and the fine article didn’t link to it because they want to spread FUD, as the text you quoted directly contradicts some of the fear mongering in the original article.

8. eggsbo+ZA 2023-12-29 22:48:14
>>dqv+ma
Still not clear to me. What about a company open sourcing some libraries used in its product? Will it be liable? Or would this be 'supplied outside the course of commercial activity'?
replies(1): >>dqv+E11
9. trepri+FP 2023-12-30 01:20:52
>>fipar+vx
Example: I will make a library controlling some integrated circuit as open source and charge money for commercial use. My software has a little bug that occasionally causes misreading of the IC values. A military software company uses my open source library in their nuke platform. My library misreads values on one nuke that goes off. Are you telling me I am going to be liable for that? Let's say independent multi-pass root cause analysis pinpointed the problem to my library and only to my library.
replies(2): >>mark_u+5W >>fipar+7W
10. mark_u+5W 2023-12-30 02:45:31
>>trepri+FP
My take would be that if the military company paid you for the commercial use right, then you have "sold" the software and yes you would be liable. If they used it in an open source compatible way (no actual license is stated), and did not pay you for it then no, you would not be liable.
replies(1): >>trepri+dX
11. fipar+7W 2023-12-30 02:45:44
>>trepri+FP
If you did not sell the library to the military software company then no, it’s them who are liable (assuming they did sell their software, that uses your library, to whoever had the nuke that went off) and not you.

IANAL but it seems clear cut to me: if you asked for money in exchange for your software (or for access to your software through an API or similar), or if you asked for personal information (in exchange for your software) then you’re liable, otherwise, you’re not.

12. trepri+dX 2023-12-30 02:59:41
>>mark_u+5W
So basically I have no say about how my library is going to be used once I sell a license to a company, and if its use by a 3rd party leads to e.g. a mass-casualty event due to a bug in my code, I am liable?
13. dqv+E11 2023-12-30 04:18:04
>>eggsbo+ZA
Take OpenSSL. Their open source product would be free of liability. Their commercial support offering of that same product would not be.