Slashdot Mirror
GPL May Not Work In German Legal System
erbse2 writes "It may be that the (L)GPL can not be (fully) enforced under German jurisdiction. This is at least the conclusion professor Gerald Spindler of the jurisprudential faculty of the University of Goettingen came to when he examines the Legal questions of the open source software (It's long, it's complex and it's in German and it's written by a professor, so don't expect to understand anything, if you are not a German lawyer).
Heise News has the article in German, however, the fish may be with you.
IANAL, however, as one can put some of the legal problems aside, most of the concerns mentioned in there should provoke at least some thought by brave men around RMS."
It's long, it's complex and it's in German and it's written by a professor, so don't expect to understand anything, if you are not a German lawyer
:)
We'd not read it even when it's short, simple and in English, so how hard could it be.
SCO's CEO, Darl Mac Bride, has just declared that the SCO company will move to Frankfurt, Germany, and will be renamed FGO (Frankfurt Germany Operation).
The Organization of German Software Industries (VSI) considers its view reinforced that using Open-Source-Software leads to jurisdictional uncertainties. On behalf of VSI, Professor Gerald Spindler of the law faculty at the University of Goettingen examined "Jurisdictional Questions of Open Source Software". In more than 100 pages he examines the situation from different perspectives: Author's Rights (Urheberrecht), Usage Rights (Verwertungsrecht), and Liability Rights (??, Haftungsrecht).
Spindler spots jurisdictional uncertainties for all parties involved: Developers may be held liable if software does not work as expected, even if they only participated marginally in the development, rather than being a lead developer. Employers could walk on thin ice if they pay employees for writing Open Source Software. And buyers of such software must be prepared that liability is limited to the criteria common for items given away for free, i.e. severe negligence only.
Although one could argue about one or the other detail of the study, it spells out many problems. The license that is probably most popular for free software, the GPL, is hardly considered to be fully enforceable in the German maze of laws. For VSI, the results are probably most welcome, in order to spread uncertainty among people interested in Open Source, who are currently watching the actions of SCO against IBM eagerly.
I don't generally understand long, complex, legal arguments in German, but the astounding Fish translates it perfectly. Here are a couple quotes:
"Employers could go on thin ice, if they pay coworkers for the letter of open SOURCE often commodity."
"Even if one can argue perhaps over or other detail the study, then she calls many problems nevertheless with the name."
...a reason to learn German. And finally a real reason to post b4 reading the FA.
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
ehh.. I think babelfish has been on the crack pipe again
The SCO cases is supposed to be the first test, but that might not happen anyway.
No, SCO is not challenging the GPL, SCO really has little to do with linux.. it is about two things, one, a contract dispute with IBM, two, ownership of derivatives (they claim that if you write code and license it to SCO for use in SysV, then SCO owns all rights to that code and you cannot take that same code and use it elsewhere).
im Auftrag des Verbandes der Softwareindustrie Deutschlands e.V. (VSI) means that the study was paid for by the German association of proprietary software makers.
will be about the EULA and whether it can be legally enforced I'd reckon. Then compare that with other software licences like (L)GPL, BSD, ... That would be something meaningful.
Otherwise this is merely FUD.
Well it might turn out to be a gpl test.
Consider the following argument from IBM:
"We have copied code we think is ours into linux, however SCO then also distributed the same code under the GPL. If the code ever was questionable they have granted permission to use it at that moment. And thus set a precedent for more copying"
At that moment SCO would have to kill the GPL in order to have any case (or a substantial case) at all.
Jeroen
Secure messaging: http://quickmsg.vreeken.net/
The article says that even minor contributors to an open source software project might incur substantial liability if the software doesn't perform correctly, employers might be liable if they permit their employees to develop open source software, and yet users of open source software might not be able to get much protection if the software malfunctions. The whole thing sounds like scare tactics to me.
This is not surprising, since the study was commissioned by the VSI, an alliance of closed source software development companies, whose members are the usual suspects: Microsoft, Sun, Autodesk, and others. I suspect that if the BSA commissioned something similar in the US, they could find a "legal expert" giving the same kind of opinion.
In any case, if this really is the legal situation in Germany (or any other nation), the logical next step is to fix the laws. There is no reason to leave any legal uncertainty around BSD or GPL-like licenses: they are clearly one valuable and valid way of licensing software, and they are an important component of a free market in software.
It's long, it's complex and it's in German and it's written by a professor, so don't expect to understand anything, if you are not a German lawyer
I AM a German lawyer and it is the FIRST article I have understood on Slashdot!
It's just a matter that the laws where not made to allow such a thing, not that the country is against the license (and I belive this is the case in Germany). For what a friend told me (he participated of a law-software-class), in Brazil you can't give away a software you made, there isn't such a thing as a company owning code in Brazil, only the people who created a software own it and can't simply say: "ok, it's not mine anymore". How this work with derivative work is a questions I have no answer, but I belive that most contries will have on one or another way problems with GPL. This dosen't mean that a judge can accept the license, just that the law by itself wasn't made with GPL in mind.
The study mentioned in the Heise article was commisioned by VSI ("Verband der deutschen Softwareindustrie", roughly translated "association of the german software industry"), and the VSI chairman is also the CEO of Microsoft Germany.
A monkey is doing the real work for me.
I don't know what SCO's position on the GPL is now, but according to an article today, it does sound like they want to be paid licenses by companies using GPL software (Linux), even if they didn't get it from SCO:
7 /b3840089.htm - Next month, SCO will tell companies that use or distribute Linux, such as Red Hat Inc., that they need to buy a license, says McBride.
From: http://www.businessweek.com/magazine/content/03_2
As I have skimmed through the professor's analysis (exactly 64 pages, not 100) I have noticed one single important point he tries to make: you cannot depend on OSS in case of some damage. The OSS (L)GPL goes against the german law voiding the guarantee of compensating damages. But what the hell guarantee you have using prioprietary software? Has anyone been compensated for loss due to Windows misbehaviour or, say, Oracle DB bug?
The conclusion from this study IMHO is that generally software providers should compensate damages that software bugs cause, it should not only be the problem of the Open Source Community. From that point of view commercial licences are equally flawed.
You can defy gravity... for a short time
The title page of this study invalidates its conclusions:
"Commissioned by the Association of the Software Industry
in Germany" -- they paid for it, they get to decide the
conclusions.
So it's FUD, in short.
This VSI page in English lists Rudolf Gallist as "chairperson" and this page in English shows that Rudolf Gallist was a "business leader of Microsoft Germany" from 1991-2000. So he hasn't worked officially for Microsoft in 3 years, but still, there is a connection...
The only problem is that justice is not a matter of laws and "being right" anymore, actually (thanks to the lawyers) its more a matter of money. And sadly money is the resource that Microsoft has in big ammounts.
I'm a little unsure of the details of this (~9 years since I last read any German, so I didn't even try).
But they talk about liability and GPL software *customers*. Since when are people who donwload a GPLed project customers? If you get linux from IBM, say, then you're an IBM customer and IBM shouldn't release products without checking and testing all the code they're selling. But going from that to holding contributing developers liable is ridiculous (even if it is German law).
"This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY"
...and you'll always find one where your favorite license is not legal nor enforceable.
The good side is that the MS'EULA may not be legal everywhere too.
And in many years, people from Jupiter, Aldebaran or Coruscant will claim that the GPL and the EULA from MS are both non-sense according to their legal system ("what's this 'intellectual property' crap??!!" will they ask). If they have one.
(The reverse may be true: the Generous Telepathic License from Pluto is probably not legal on Earth.)
Christophe (Don't hesitate to point out my spelling and grammar mistakes, I want to learn - Thanks).
The paper makes an interesting point: the only official version of the GPL is in English, but contracts in Germany generally need to be in German in order to be enforceable.
That may not matter for US projects put under the GPL and downloaded from US sites, where US law might apply even to German users. But it does matter for GPL'ed software re-distributed within Germany, and in particular for GPL'ed software created inside Germany (KDE?).
VSI intended this study to be a vehicle for putting down free and open source software. But the money they spent on it (it probably wasn't cheap) may actually help German free software efforts sharpening up any legal loose ends. Maybe one should get the BSA and Microsoft to invest in a similar effort in the US--it saves legal expenses for organizations like the FSF.
Secondly, no court was involved, but a German Professor of Law wrote a study.
And thirdly, the study was commissioned by a trade association of proprietary software companies -- what do you expect? Even without suspecting the author of willful misinterpretation, you can be sure that the sponsor carefully picked somebody who shared their vision or something to that effect.
Stephan
I don't understand this logic. Lets say I work for a company making widget subcomponents. I also retail widgets made by a range of companies. One of those companies stole one of my widget subcomponents and without my knowledge incorporated it into their widget, which was subsequently retailed by my company.
How exactly is the retail of the dodgy widget an excuse for the thief?
And while that may be the intent of the GPL, who is going to stop them? If what I've read is true - I believe that SCO are still distributing Linux from their web site
Not only does SCO have to stop redistributing Linux, so do RedHat, Debian, SuSE, and IBM.
However, the situation hasn't arisen yet: while SCO has made a lot of noise in the PR area, they haven't yet actually demanded licensing fees or made any specific IP claims. So, so far, SCO can continue to distribute Linux, as can anybody else.
Who would sue? Any contributor to the Linux kernel can. I'm sure the FSF would be happy to support a lawsuit once it gets to that point. And I suspect the FSF would be happy to support a lawsuit even against RedHat should RedHat be foolish enough to try to pay SCO for a license.
It might not be an excuse for the first theft...
But in this case it is not without SCO's knowledge...or atleast they had the opportunity to examine the source before distributing it.
By not doing it (and thus taking a risk) they forfitted the right to complain later. SCO's argument that nobody checks before shipping is nonsense. Just because everybody takes risks does not mean that they don't have to face the consequences of their actions.
Once the first 'widget' gets through the offending company might use your apparent approval as a sign for subsequent 'theft'.
In the case of IBM vs SCO not even the theft has been proven...
Jeroen
Secure messaging: http://quickmsg.vreeken.net/
Ok So I decided to read the X pages in German legal speak. (Was bored ;) )
What did it say? Basically it did ask who was liable and who was not liable? From what I gathered, their reasoning is that just because the GPL exists it cannot bypass general AGB rights. AGB rights are general business conditions. Basically AGB says that if you sell me something buggy I have a right to bitch.
Ok first sure GPL has to deal with the AGB, but what about EULA's? Granted the article does not harp on this it could be the precursor. I really wonder if the supporters of this paper realized that.
Next because of the AGB conditions people who distribute the software may be liable. Likewise people who originally added something, but did not sell. In general this is part of the German AGB that exists for everybody. But again, if the German AGB really applied for software the MS and co have some serious dodo coming their way.
Did the article raise FUD? Not really. It just said things as it was. Again, I want to stress if the GPL is held to the AGB then it will be only a couple steps further for EULA. And then the lawsuits will fly because generally GPL people have no money. EULA companies do.
What I also found interesting is inspection of the GPL viral aspect. The article stated that the GPL was worded for the American Legal system, which means it does not necessarily apply to the German legal system. And the viral nature is something that is entirely vague with respect to German Law.
Consider the following. A programmer works for a company. The programmer creates a piece of software. Who owns the software? Is it the programmer or is it the company? The GPL and the German law on owner of the code conflicts here.
Also the GPL viral nature has limits. For example it is postulated that if you develop a larger piece of work and incorporate a GPL piece of work that maybe you do not need to GPL your work. The test is whether or not your application depends on that piece of software.
For example lets say that you write a database app. If you rely on MySQL using ODBC then you do not need to GPL your software. Granted this is a duh case. But the hint here is dependency. And what makes this especially dicey is the fact that software world lives in a derived world. Remember when using API's you are creating a derivative piece of work from a legal point of view.
I think it can be entirely summed up as, "THE GPL HAS NOT BEEN LEGALLY TESTED". However, what concerns me is that if the GPL is tested then so will other licenses. And that may result in things happening that maybe people did not want to happen...
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
Raising the GPL as "exposing companies to legal risks" is playing games with concepts. The GPL defines what can and can't be done with software written under that license. It does not, and cannot, define commercial conditions and liabilities for using the software. This is firstly a matter for national legal systems, and secondly a matter for contracts between parties.
Let us imagine for a second that this is actually a fault in the GPL. Now, what about public domain software (not GPL), such as software freely provided by computer manufacturers, or by individuals or groups. Exactly the same issues apply: writing such software can expose the programmer and company to liability, and using such software means you have to accept that no-one is liable.
Now how about commercial software. Is this any different? No, it can be criticised for exactly the same reasons.
So, it's clear that the so-called study is a misdirection. The GPL is about ownership and freedom, the study is about legal liabilities. No matter who owns the software, the legal liabilities remain shared between the author and the user, as defined by contracts and legislation.
That the study was paid for by a group representing commercial software vendors suggests that the deep pockets of interested parties lie behind it. Why Frankfurt, Germany? Because Germany is at the fore-front of the OSS revolution. (Note that my company has been distributing OSS products since 1997 and a steady 9-10% of all downloads have been from Germany, against 40-50% from the USA and 30-40% from the rest of the world).
The study is bunkum and can be dismissed easily, since taken to its logical conclusion, no-one should write software at all, and no company should use any product whatsoever if they are not able and willing to sue the person making it.
Ceci n'est pas une signature
If you can read German (and this is heavily legal German, the hardest kind of language to work through), you might want to start with the three-page summary on page 104, rather than plow through all 100+ pages.
I don't have a lot of time, but here's my first impression. IANAL, etc., etc. The summary raises three categories of legal problems, involving (1) the copyright holder, (2) contract law, and (3) liability. Actually, it seems to me that everything boils down to the issue of liabiliy: who has to pay if the software is defective in some way. Identifying the copyright holder and clarifying the contract are all means to the end of deciding who has to pay up. Incidentally, the text occasionally mentions open source software in general, but it appears that the only license analyzed in detail is the GPL (at least in the summary).
The section about the copyright holder strikes me as a tremendous struggle with what should be an easy question. Prof. Spindler or whatever says that since so many people may have contributed to the development of GPL'd software, in so many different countries, there may be huge problems identifying the copyright holder. This is the longest and most complicated part of the summary, and I'm not into working it all through right now, especially since I don't see the problem. Isn't this a moot issue with the GPL, since there is always exactly one copyright holder, regardless of who else contributed? That is, if the distributor of GPL'd software elects to include someone else's contribution, they nevertheless distribute it under their own copyright?
There are other issues in this section: if a company pays employees to contribute to GPL'd software, they might not be able to let the company be the copyright holder, because they do it for money, and the GPL allegedly says you can only do this free of charge. (Is that right?) It also raises the problem that the GPL as a business contract (one business allows another to use software under the conditions of the GPL) may be problematic since it's only in English. And that it is difficult to know when the GPL applies to new development, since the criteria for determining whether one software is derivative of another are unclear.
The second part contains what I think is the most critical claim: That the exclusion of warranty and liability in GPL sections 11 and 12 is not valid under German law. Open source software is legally regarded as a gift, and even for gifts, German law requires certain minimal standards of consumer protection, for example against deliberate or gravely negligent defects.
And so in the third section, Prof. Spindler claims that there are liability issues related to open source software, for the aforementioned cases of deliberate or gravely negligent failures of the software. He specifically mentions that distributors may be liable for viruses distributed in the software. Also, third-party-users may have stronger liability claims if they suffer damages caused by GPL'd software. For example, if a provider uses GPL'd software that is used in turn by its customers, and the software has some kind of defect that harms the customers, then the provider itself may be limited with respect to liability claims against the software authors, but the customers might be able to make stronger claims against the provider. "Download centers" or software distributors (such as SuSE, I guess) may be liable for distributing defective open source software. And if a provider or distributor does not hire support or consultants to help them ensure that the software is not defective, they may be exposed to liability claims because they were insufficiently diligent.
As I said, this summary reflects a superficial read-through and I'd be surprised if I've really understood it all. Hope it helps, but don't sue me if my summary/translation is defective. %^)
Always keep a sapphire in your mind
"Forget Linux!" says the FSF, "by the time all the lawsuits finish we'll have HURD!!!"
1. Abandon Linux in its moment of need
2. Devlope a fully GNU alternative
4. ???
5. Philosophize!
The unofficial
Your's is a good analogy. But SCO distributed Linux under the GPL. They knowingly participated in this arrangement for years. The code was open for all to see. Right?
Let's say SCO writes a song. I write a new verse and new vamp for the song. It's a hit. We go on tour together. SCO and I perform the song for years on tour. We sell concert cd's of the song with my verse and music included to our adoring fans. We make money. Suddenly (overtaken by an evil spirit) SCO says, "it's all mine now." Pay me! Or don't sing the song.
In the end, I think it was SCO's responsibilty to know what they were doing with the GPL.
"Don't Follow Leaders." Bob Dylan
As far as I understand, german "Urheberrecht" (not quite the same as copyright, more like "author's right") is basically inalienable. You can't just give away or sell your rights.
One consequence of this is that germans cannot put their software or whatever in the public domain (well, they can, but it would involve dying, and even then it takes some years). Another thing I wonder about is the FSF policy of only accepting patches when the author transfers copyright to the FSF (fun question: why is the GPL not good enough for them?). A german developer cannot meaningfully do that. How can they accept contributions from german developers?
Programming can be fun again. Film at 11.
would the (L)GPL stand up under EU law, and isn't this applicable also to germany. In EEC member states EU law is paramount, and EU courts are the highest courts.
The opinion of one lawyer is worth precisely nothing, unless he's the judge and you haven't got enough money to escalate to a higher court.
Panurge has posted for the last time. Thanks for the positive moderations.
As a lawyer who has had at least one NAFTA case with that nasty neighbor to the north (oh! Canada), and with the proviso that the last German language course I took was 1976, the abstract translation seems to be accurate. I will to try to read this in much more detail (with my German reference texts) and I'll probably send a request off through Lawprof (tm) to see if an English translation exists.
The upshot is that the GATT, NAFTA, WTO, Berne Convention treaties and EU / German substantive law and US statutory and common law will all play a roll in how the license(s) is (are) applied and interpreted. This document is a preliminary examination by a legal scholar of the emerging field and it should prove quite helpful simply by analogizing existing precedent with the intent of the GPL / Open Source concept.
From a legal standpoint, this is the same as asking a lawyer from the 1700's what laws apply to aircraft. We are just finding out that there are Aircraft!
Open Source is a radical idea - nobody and everybody (who contributes) owns much but the right to expand the existing public code. "Owning" things is what law is all about and a collaborative effort without a clear owner (legally speaking) is a real problem where someone might claim open code as their property (I don't know if the SCO / IBM / Linus T issues have reached the point yet, but It appears certain that the resolution will turn on who created what and when...)
If federal officials decide that Linux merits the same export controls as Unix, experts fear that could end development of Linux by the open-source community.
What's that all about? Why wouldn't development of the export controlled sections of linux not continue to be developed in a whole bunch of non-US countries?
Comments like that one piss me off...
Warning: Opinions known to be heavily biased.
I've read in various places: it's hundreds, thousands or even hundreds of thousands.
The articles that I've seen by people who signed the NDA, suggest all they saw is about 80 lines. Of course, that doesn't mean there couldn't be more than 80 lines in dispute.
I guess how many lines you count, might depend on:
(a) what you're referring to (disputed code or common code)
and (b) whether you count the things which SCO didn't (as far as I know) claim to have developed, but which IBM contributed to Linux, and SCO seems to claim derivative rights on based on the claim they were in AIX before being in Linux.
One of those companies stole one of my widget subcomponents and without my knowledge incorporated it into their widget, which was subsequently retailed by my company.
You didn't finish your (very poor) analogy..
If you discover the subcomponent, then refuse to tell them what it is, and continue selling your 'product' - WITH FULL KNOWLEDGE, and your contract with them states that THIS IS OK, then you don't have a legal leg to stand on - it's not "theft", because you are saying that it's OK.
Here's a shining example of the same German legal system. Enough said!!
The author of free software grants you the explicit right to scrutinise the source code; therefore, in case of dispute {"Your software messed up my computer and I want payment!"} then there is a simple response: You could have known it was going to do that if you had read the source code.
Examining the source code comes under the heading of "due diligence". If an Open Source product breaks, then the negligence is on the part of the user, not the author.
If you read the instructions that come with proprietary software, they all tell you to back up your entire hard drive before you install the software. Even if Certain Operating Systems didn't intentionally make that impossible {so you can't follow the instructions to the letter, which might make those applications No Good anyway} I don't see that backing up an entire HDD is any less a ball-ache than reading several hundred pages of source code.
If you don't want to examine the source code yourself, you have to rely on other users' experience through the various forums that exist. Other people will have had experience, good and bad, with whatever software you're thinking of installing and, being the Open Source community, they will want to share it. Otherwise you're not really doing anything better than clicking an attachment in an email whose subject starts with "Re: {something you never sent}" and which originates from a total stranger.
Je fume. Tu fumes. Nous fûmes!
There are a lot of other minor problems in the article. E.g. that you don't need to confirm that you agree to the GPL while installing the software. (That's similiar to unacceptable "with opening this box you agree to the EULA" when the EULA is *in* the box). You simply can't agree to sth. you haven't seen.
Don't get confused - the GPL is not a license you agree to when you install it. The GPL (and brethren) ask you to agree to the terms of the license when you distribute the software - normally you would not have the rights to do this (copyright remains with the software's author) so you either agree to the (L)GPL and distribute or you are bound by the copyright laws and can't distribute.
The strength of the (L)GPL licenses lies in expanding the rights you normally have beyond the restrictions provided by the copyright laws. If the GPL can't be applied, then normal copyright applies and the software can't be distributed. Commercial EULAs usually require you to waive rights you would normally have had.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
I have just read the conclusions at the end of the PDF and have the following comments to make although I'm not a lawyer.
Almost the whole basis of this professors's doubt about the GPL and the LGPL are based on doubts over legal responsibilities (The German word is "Haftung") i.e. who can you sue if your OpenOffice crashes and ruins your document. He makes some vaild points (the only ones I can make out as far as I can see) about the fact that under German law you cannot disclaim legal responsibility for a product you "sell" or provide in the market. He tries to claim that anyone involved in an GPL'ed software can be made responsible for the workings of the software.
What the good professor doesn't mention, but many other people on the Heise forums do mention, is that Microsoft's EULAa suffer from this exact problem in that the EULAs try to free Microsoft from any legal culpability as to the workings of it's software.
I personally think that the GPL should be proven in court. It should be so that it can finally be taken seriously by governments and Professors who get funded by Microsoft (This was indirectly funded by Microsoft) to undermine the GPL.
I get your point, but it's not valid here.
Every producer of every product *has* liabilities. If the software is under the GPL or the EULA doesn't matter. I should have made this clearer.
The question the article now asks is simply: Who is to blame, when something goes terribly wrong. When sth. with SAP goes terribly wrong: Sue them. When somebody distributes virus contaminated software: Sue them. But what, if the Linux kernel contains some backdoor? Blame Linus? Alan? Redhat?
And remember: The article is German is describes possible implications of using and producing OSS. Some laws here are somewhat different to the US laws. The concept of copylefting for example is difficult under German law (Urherbergesetz). "You own the copyright of everything you produce" is it's basis. That's to protect the producers. Bad for copylefting. And bad from the liability point of view. Cause you are liable for your products. The licence doesn't matter.
Bye egghat.
-- "As a human being I claim the right to be widely inconsistent", John Peel
"Take back the accidental GPLing" is a ridiculous phrase. You can't accidently GPL something, and if you did you couldn't take it back. If someone stole code from you, and GPLed it without the right to do so, then you have a case - that's not an accidental GPLing, that's IP theft (or piracy or whatever) by whoever did it.
Just reading the first paragraphs of the Heise article tells the story. This was a privately comissioned study by a hand picked German law professor by a software trade association.
Hardly independent.
The second paragraph is really funny. It claims potentially huge liability for developers in case of bad software AND very limited ability to sue for users in the same case. The fact that the software is a 'gift' limits liability under German law.
Am I the only one noticing a contradiction?
Can you say FUD?
IANAGL, but I think the point is that a lot of free software has no corporate backing; e.g. the author's are just a bunch of random guys who you might or might not be able to track down or sue. This is the case where users have no recourse.
On the other hand, if your corporation writes some new piece of free software which is contributed to by the public, or which incorporates pre-existing free code, you might be liable for that code which you had no control over; e.g. if there are deliberate backdoors.
No doubt there's FUD involved, but that doesn't mean that there's a grain of truth.
In germany (and in fact in most countries visited by Napoleon) the broad 'as-is' disclaimer generally is quite an issue.
In the US it is very normal that two 'grown up' parties agree to something fair reaching; such as waiving certain rights or liabilties with respect of each other.
In most of (continental) europe that is not quite so easy; and the contract or agreemnt which two parties may have with each other may simply be overclassed by national law or 'common sense' in that respect.
The national law dictates that there are certain minimal levels and that disowning it all is simply not an option.
So regardless of what the developer (dis)claims with respect to warranty; the court may well held him liable to a certain extend.
At the same time, there is also a bright side; those liabilities are generally much more limited and 'capped' than in the US; and hardly ever exceed a small multiple of the resonable sum/economic value of the good (and not what can be done with that good). And they also put very reasonable demands on the 'user'. Willy nilly risking 5 million of lost production on a bit of untested free software is not going to ring true with the judge. He expects (more) resonable caution than generally in the US.
Also note that the scope of damages is very propotional to the purchace/gains of the developer/transaction. Sor 'free' (as in gratis') software those amounts are obviously not going to be very large.
Except if there is a bit more blame; i.e. someone knowingly dropping the ball. And unlike the US, where that waiver is going to help you - it may do little or nothing in most of Europe. Whereas in the US you are fairly secure.
On the other hand - any secondary damages issues are not nearly as much of a problem in europe, and virtually unheard of. Plus bear in mind that cost recovery and legal assistance is on an entirely different level in germany compared to the US. This making the issue of frivolous lawsuits by a megacorp which cripples a small developer virtually unheard of in most of the EU.
So in short; yes - you are bit more open to exposure in Europe - but as long as you behave resonably and are not vandalizing the hight of that exposure is very limited; and proportional to your fairly direct and clear cut gains from that software. And with open source / gratis - that is not going to make you go bust.
Dw
If your local laws don't allow the GPL, then the only law that applies is copyright, and copyright law does not (by default) allow distribution of someone else's work. That's fine.
What it means is that the GPL is really brittle. Anywhere that any clause of the GPL is invalid, GPL code cannot be distributed. In this specific case, it means that e.g. Linux install parties are illegal in Germany.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
How many million lines of code does an ordinary linux distribution have now? Claiming it was open is like expecting each and every customer to read every page of a 70 page EULA
As far as SCO is concerned - let's consider history of the company:
Let's assume for a moment there is SysV stuff wrongly added to Linux - purely for the purposes of debate:
1. Caldera were a public company company trading in Linux products, not even as an incidental part of the busines, but as the founding reason for the entire business. The offered consultancy on Linux. They made contributions to improving Linux. They sold their own Linux distro. They were supposed to be experts. They therefore should have known what they were doing!
I don't think that they told anybody (customers, investors, press) anything like "sorry we don't really understand this Linux thing, and haven't read the sources which we distribute".
No, for years, they gave the opposite impression - namely they understood Linux. If McBridge says it is "no-brainer" about code copying now - why was it not a no-brainer back in 2000???
2. I read somewhere they had 15 programmers working just on UnitedLinux. I can't verify this to be fact, but I don't doubt they had employees working on Linux. Did none of them notice for years? Did none of them raise it with managers for years?
If something is amiss in Linux source, why wouldn't SCO/Caldera have known a long time ago?
3. They are one of only a relative handful who could have known if anything was wrong. While other companies may have been involved in Linux and/or SysV - Caldera/SCO positioned themselves as a Linux/UNIX software company - and owned the sources for the latter. Additionally as owner of SysV codes, wouldn't they have a special responsibility?
4. Ransom Love gave a lot of interviews etc., back in 2000, about bringing Unix features to Linux, or even might be interpreted as gradually converging the two (I don't see he ever said merge). Did nobody working on this dream at SCO/Caldera - not look at the code bases - they've got both - and suddenly say - back in 2000 - "Hey Linux's already got this from Unix!"? If they didn't, they shouldn't they have? If they did, and SCO/Caldera didn't care until a couple of years later, doesn't that sound like acceptance?
One hundred thousand lines of code will take 100 programmers two weeks.
And we have them.
Unless SCO produces a contract signed by Linus in 1990 granting them rights to all future derivatives, they won't even put a dent in Linux.
Why on Earth has humanity (or at least, western civilization) reached this point where every misfortune that occurs has to be someone else's fault? Surely sometimes, maybe even often, it's no-one's fault in particular. Or it's your own damn fault. After all, shit happens.
And how come in Germany, as it seems, even if you disclaim liability to the extent that most software suppliers do, you are still to blame, even if you supply the software (as most Open Source suppliers do), essentially or entirely at no cost?
Good grief.
The main part of the GPL is valid in Germany: The rule that any derived work must be placed under GPL. [D II 2. e (2) (a), page 47].
It's safe to assume that this part works worldwide: the right to create a derived work is an exclusive right of the copyright holder, and he can grant that right only if arbitrary conditions are met.
One problem is the no-warrenty clause - such clauses are invalid under some circumstances, for example when the loss if life was caused. I've seen open source software from US companies with an explicit line that use for medical application or life support is not permitted - perhaps there are similar dangers in the US.
Everything else is legalese - which type of contract is the GPL, who are the parties in the contract [does the user have a contract with all authors together, or with each author individually, i.e. thousands of seperate contracts, etc.]? Is an English contract enforcable?
One interesting point is that if someone violates the GPL, then it might be difficult to sue for damages: It may be necessary to name all coauthors for such a lawsuit. But since an individual author can ask for a restraining order, which is sufficient to enforce the GPL, this is not a critical problem.
The question the article now asks is simply: Who is to blame, when something goes terribly wrong. When sth. with SAP goes terribly wrong: Sue them. When somebody distributes virus contaminated software: Sue them. But what, if the Linux kernel contains some backdoor? Blame Linus? Alan? Redhat?
That doesn't sound, to me, to be much different than the situation in the US. And it is something PHBs always claim to be worried about. Who can I hold responsible if the software deletes my database? The solution has been the creation of companies like RedHat that provide support and guarantee the reliability of the software they distribute (even if they don't write it themselves).
I think most people will agree you can't hold someone (like Linus) responsible for software they develop as a hobby and distribute for free because they want to. If you decide to download it and use it without some kind of support contract than you are on your own if something goes wrong (though I would like to think most developers would respond to problems/bugs provided you weren't a jerk about it). So how is it any different in Germany?
No comment on the copylefting stuff. IANAL
The GPL specifically allows distributors (i.e., people who have accepted the GPL) to provide their own warranties or guarantees with GPL'ed software that they sell or distribute. It's one of those business models that RMS imagined would be profitable that never was (yet).
Note that this guarantee does not transfer if the person you sell GPLed software to resells/redistributes it. You get to decide your own terms for your waranties.
SUSE could easily provide a waranty for SUSE Linux that satisfied the minimum necessary requirements under German law, assuming that German law is even satisfiable. (some of the comments here make me believe that it may well be impossible to completely satisfy German law when distributing software)
But what, if the Linux kernel contains some backdoor? Blame Linus? Alan? Redhat?
I would say you would go after whoever maintains the kernel you were using. Could be AC, could be Linus, could be SuSE, etc. That seems like the most logical answer to that question.
The concept of copylefting for example is difficult under German law (Urherbergesetz). "You own the copyright of everything you produce" is it's basis. That's to protect the producers. Bad for copylefting.
I don't think you understand how copyleft actually works. If I, as an American, release software under the GPL, I still own the copyright (and so do my descedents for 75 years after my death), I've just chosen to give up the exclusive rights copyright normally gives me. GPL is not public domain. GPL still protects the producer, just in a different way than copyright usually does. There is no difference in this respect between American and German copyright law, if what you wrote is accurate.
Cause you are liable for your products. The licence doesn't matter.
Which is exactly why the very first sentence in the GPL's NO WARRANTY clause contains the phrase "TO THE EXTENT PERMITTED BY APPLICABLE LAW." Considering this, where exactly is the conflict with German law? As far as I can tell this article is nothing but FUD. Then again, IANAGL, nor can I read German. If I've missed some crucial point please fill me in.
Under capitalism man exploits man. Under communism it's the other way around.
So, don't agree with the GPL? No problem! You are not forced to accept it in order to use a GNU/Linux system or any other GPLed software.
But bear in mind that most countries have copyright laws, and you will be infringing copyright if you distribute copies of the program. You can't do that without the permission of the copyright holder, which means getting a licence. The GNU GPL might be one licence under which the copyright holder is willing to grant permission.
-- Ed Avis ed@membled.com