Slashdot Mirror


User: Bruce+Perens

Bruce+Perens's activity in the archive.

Stories
0
Comments
7,506
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,506

  1. Re:Where's the license? on Click-Thru Licensing on Open Source Software? · · Score: 3, Interesting
    OK, that's the problem. I dropped the project regarding clarifying that there may be no restrictions on use for a while due to some fires I needed to fight, I'd better take that up again.

    Bruce

  2. Re:Just a Case of CYA on Click-Thru Licensing on Open Source Software? · · Score: 2
    Or should we use a better fix than either of the alternatives you suggested.

    Bruce

  3. Re:No. on Click-Thru Licensing on Open Source Software? · · Score: 2
    If there's a bug in the kernel, and you can work around it in a user-level program, which should you fix? Is it *wrong* to work around a kernel bug in userland?

    Russ, I am a bit surprised that you ask, because this is so fundamental to what Open Source is all about. Open Source is all about being able to fix the bug in the kernel rather than have to work around it in 1500 different programs in user mode. Is it wrong to fix it in user mode? If you have to, it's because someone's keeping it from being fixed in kernel mode, and yes that is wrong.

    I can't say I'm happy that you have to bring these questions to Slashdot. Sure, there are times when it's good to seek input, but I'd think that today's issues are fundamental to OSI's chosen mission and aren't the ones you should have to ask about.

    Bruce

  4. Re:Copyright vs. Warranty on Click-Thru Licensing on Open Source Software? · · Score: 2
    If this is not the case, then the implications are terrible.

    It's not the case, and they are indeed terrible.

    Not only would you not be able to share your homebrew stout with your friends

    Yes, you may be liable if they are poisoned and hospitalized for a long time, if they are intoxicated and crash their car, etc. I pay for an additional US$2 Million general liability over the default offered on my home insurance for just this sort of thing, or if the cleaning lady hurts herself, etc.

    Bruce

  5. Re:That's not the issue! on Click-Thru Licensing on Open Source Software? · · Score: 2
    now you know why many companies aren't using open sourced software.

    That's a fallacious argument, and one that should be an FAQ. OK, folks, put this in an FAQ somewhere:

    FAQ: Open Source is bad because when it breaks there is nobody you can sue.

    Answer: This might be a valid consideration if there was anyone you could sue when your non-Open-Source software broke. There isn't. Go read the license that came with that software, if you don't believe me. Not only does it disclaim liability, it requires you to indemnify the software provider against your damages. Indemnify means that if there are damages to the vendor connected with your use of the software, you have to pay the vendor for them! Even if they are your damages!

    Service contracts are available for both Open Source and proprietary software. They provide some limited protection, but read your license, it's probably less than you thought. They may only be liable to give you a repaired version of their software on a timely basis, not for other damages incurred through its use. If you lose your data, that is probably still your problem, not something covered by the contract.

    If you have a lot to lose, buy insurance. You will find that your insurance company will require you to have a documented and working process to protect your company from damage - this will include backups, security and other evaluations, etc.

    Bruce

  6. Re:That's not the issue! on Click-Thru Licensing on Open Source Software? · · Score: 3, Insightful
    The GPL's no-warranty statement is a disclaimer, it does not request your agreement. The legal question is whether or not a simple disclaimer is adequate, and when the user must see it for it to be effective. I am for a single notice at distribution install time that there are licenses, that they disclaim warranties, and how you can view them. I don't think it's necessary for licenses to require that, it should be a guideline. Requiring click-through in a license would cause all sorts of problems for the distributions that they don't really need - there are better ways to solve this problem.

    Bruce

  7. Re:It's time for OSI to return the OSD to SPI on Click-Thru Licensing on Open Source Software? · · Score: 5, Insightful
    They've had a request for approval of a licence. Is it not reasonable for them to consult the wider community on this issue?

    Do you really believe they even had to ask? This one seems pretty clear to me.

    I'm intrigued by this statement. Some time ago I compared briefly read the Debian Social Contract and the OSD and I didn't notice any substantive differences.

    When OSI was proposed to me, it was a way of marketing Free Software to business. It's been instead driven as a schism from Free Software. And the OSD continues to diverge from the DFSG. I also reject that the folks running OSI are representative of any Open Source community anywhere. In the case of SPI, there is a membership and elections. And unfortunately, most of the OSI board don't have time for OSI - they're too busy with their companies, etc. So 2 or 3 people end up running it.

    The whole thing makes me very uncomfortable.

    Bruce

  8. Copyright vs. Warranty on Click-Thru Licensing on Open Source Software? · · Score: 4, Insightful
    IANAL.

    First, it's necessary for you to divorce copyright from warranty in your mind. Warranty does not necessarily follow copyright. In many cases, the warrantor will be the person you got the software from, regardless of whether they hold a copyright. And they may be able to pass on damages to the person they got the software from, perhaps the original developer. I think the risk to FTP sites is low, but to distributions, who put more active work into the process, and sometimes get a cash consideration, it's high.

    The problem is what is the default in the law regarding warranties. If the default were clearly no warranty, Free Software would be OK. To the extent that the default is otherwise, we are less OK, and must deal with imperfect instruments for disclaiming warranties, and getting the user to agree to indemnify us (pay for our damages). But our goal is not to go to court at all. The minute someone has us in court, we're already losing money. So, we want it to be so clear that there is no warranty that nobody will ever try to sue. This is why people are tempted to use click-wrap. But I don't think that requiring it is the right solution.

    Bruce

  9. Re:But this goes beyond copyright... on Click-Thru Licensing on Open Source Software? · · Score: 4, Insightful
    Aren't you actually proposing that we let the other side state the rules of the game? After all, Free Software is a rebellion against all of this litigious nonsense. I think we need to push back here.

    This is not to say that there is no need for a set of guidelines on how to communicate to users the NO WARRANTIES message. But I don't feel that requiring click-through in licenses is the right approach.

    Bruce

  10. Re:That's not the issue! on Click-Thru Licensing on Open Source Software? · · Score: 4, Insightful
    The problem is that Red Hat (for example) can pass on damages that they are forced to pay in court to the original developer by turning around and suing that developer. Would they? Of course not. But of course management of companies changes, that is why we have contracts.

    That said, I still don't recommend click-through. I would instead publish a set of guidelines for distributions that would tell them how to direct attention to individual software licenses.

    Bruce

  11. Re:That's not the issue! on Click-Thru Licensing on Open Source Software? · · Score: 5, Insightful
    This has got to be a troll.

    Obviously, Free Software producers must be able to deny warranties, since they are not getting the consideration (money) necessary to provide them. People who want warranties should be able to buy them, either from the software producer, another software shop, or an insurance company.

    It's different with cars, because cars have a high potential to do physical injury to people and are thus expected to be built to a higher standard.

    Bruce

  12. Re:what about server software on Click-Thru Licensing on Open Source Software? · · Score: 2
    I agree that package installers should be able to present the software license for any package on demand, and that the option to read it should be very clearly available to the user. Also, there should be some general notice with a distribution at install time that there are licenses, and that they disclaim warranties, and how to see them. But I would reject an attempt to require the above in licensing. It's up to the distributions, who face most of the liability, to implement.

    Bruce

  13. Re:That's not the issue! on Click-Thru Licensing on Open Source Software? · · Score: 4, Insightful
    Well, from a liability standpoint, I would recommend that distributions who are worried about this include a click-through notice at distribution-install time. The notice should say that the software included in general disclaims warranties, and where the licenses are found on the system, and that it's a good idea to read them if you feel you deserve a warranty. I would not recommend that any license require one to maintain that click-through notice.

    Bruce

  14. Re:No. on Click-Thru Licensing on Open Source Software? · · Score: 3, Insightful
    Well, my suspicion is that this is related to the disclaimer of warranty issue, and not copyright. But there are two ways to go at that - push Open Source licensing, and push to reform the law. I'd rather push to reform the law. If we continue to back up, we'll eventually have our backs to a wall. The Debian Free Software Guidelines, later called the OSD, were all about drawing a line in the sand. We need to hold that line.

    Bruce

  15. Re:The GPL doesn'[t need a click-through agreement on Click-Thru Licensing on Open Source Software? · · Score: 4, Insightful
    All I can think of is that the click-through might be required for the disclaimer of warranty in some UCITA states. This is not a copyright issue. But we are working that angle by going for modification or withdrawl of UCITA.

    I see this as a slippery slope. Accept it, and then there will be an incremental series of other "legaly necessary" requirements, until we can't be distinguished from shared source.

    No, no, a thousand times no!

    Bruce

  16. It's time for OSI to return the OSD to SPI on Click-Thru Licensing on Open Source Software? · · Score: 5, Interesting
    I'm aghast that OSI would even consider click-wrap, and I entirely reject the unsubsantiated scare-mongering that goes along with its proposal.

    The OSD was developed by the Debian group under the aegis of Software in the Public Interest. Nobody who is presently involved with OSI had any part of that.

    OSI is probably the biggest mistake I've ever made, and yes it's my mistake. It's time to clean it up. The OSD should be returned to SPI, who can be trusted to administer it sanely.

    Bruce

  17. No. on Click-Thru Licensing on Open Source Software? · · Score: 3, Insightful
    I don't think so. And I'm not ready to accept your attorneys arguments without seeing them.

    Bruce

  18. Re:Hollow Victory on HP Backs Off DMCA Threat · · Score: 5, Informative
    Dear AC,

    I agree that this is hardly the last shot in the battle. Hardly. If anything, we kept a bad situation from getting a drop worse. But I don't know if "wussied out" is really a fair description. I modified my own DMCA paper to protect HP's Linux program. When Kent Ferson sent his letter a whole 4 days later, I lit fires all over HP and (along with a cast of good people within HP) convinced everyone, including Kent, that using DMCA this way was a bad idea.

    But I didn't get the law repealed this week. I'll keep working on that. It would be really nice if you would put in a lot of work on this, too. This is the sort of issue where every one of us has to help or we'll lose.

    Thanks

    Bruce

  19. Re:Bruce, it's time for you to make a decision on HP Uses DMCA To Quash Vulnerability Publication · · Score: 4, Insightful
    Well, hopefully I get points for not speaking out of ignorance, which is what I would be doing if I were to air a condemnation before I had first-hand data.

    Thanks

    Bruce

  20. Re:I need your call on this, please, folks. on HP Uses DMCA To Quash Vulnerability Publication · · Score: 5, Interesting
    I read "full disclosure unless bound by contract" as "full disclosure unless you pay us to hide what we found". If I had written that page, I would have spun that line differently. I don't yet know if my (admittedly paranoid) interpretation represents the way they operate, or not.

    Bruce

  21. Re:Bruce Perens on HP Uses DMCA To Quash Vulnerability Publication · · Score: 5, Interesting
    People really resist the phone. Lots will reply to me here. A few will email. None will call. No kidding. That number has been on my web page for a year, and the calls I get are from the press, and the occassional Nigerian money-laundering scam.

    Bruce

  22. Re:Bruce, it's time for you to make a decision on HP Uses DMCA To Quash Vulnerability Publication · · Score: 2
    Well, did you see this line on the snosoft.com home page?
    Our advisory release policy is full disclosure unless bound by contract.

    I'm uncomfortable about that line. Thus, I'd better investigate both sides thoroughly.

    Bruce

  23. I need your call on this, please, folks. on HP Uses DMCA To Quash Vulnerability Publication · · Score: 4, Interesting
    Folks,

    In my investigation, I read the Snosoft home page. This is the second sentence of their introductory paragraph:

    Our advisory release policy is full disclosure unless bound by contract.

    Now, I don't know any of the people involved or how they really do business, and thus I am not ready to make any allegations. But that sentence sounds a bit like a shakedown, doesn't it?

    I would hate to be manipulated in a shakedown of my own company.

    On the other hand, some people say this is a year-old bug and that there was long correspondence before one of the employees finally revealed it. I don't know if that's true yet.

    What do you think?

    Bruce

  24. Re:Bruce, it's time for you to make a decision on HP Uses DMCA To Quash Vulnerability Publication · · Score: 3, Informative
    One has to balance law and personal integrity. If things went down the way they were reported - and that's a big if - I would not really be able to stand by this, and would probably air some criticism of HP management. When I was hired, I did negotiate how and when I could criticize the company, and this falls within those parameters. Would I quit? Some people think I should stay around and try to teach them the right thing to do. Not that this would be easier than quitting. But HP isn't going away just because I slam the door on them.

    Bruce

  25. Re:Bruce, it's time for you to make a decision on HP Uses DMCA To Quash Vulnerability Publication · · Score: 3, Informative
    Well, my job is keeping the company from doing stuff that makes its customers want to "vote with their wallet" as you do, or fixing the problem when that goes wrong. Give me some chance to do it.

    Bruce