by mananaysiempre 1161 days ago
The Internet Society quotes[1] that part and thinks selling support for stuff would count it as being supplied in “the course of commercial activity” even to those who aren’t buying the support.

[1] https://www.internetsociety.org/blog/2022/10/the-eus-propose..., via another comment here: https://news.ycombinator.com/item?id=35525876

[A previous version of this comment mentioned BIND, because I confused ISOC and ISC.]


If someone sold me support for a piece of open source software (like ISC and BIND) then I definitely would expect some level of liability if there's something wrong with it.

Otherwise why would I pay for support if I could just self-host? They can strictly define the parts they are willing to support, though.

You offer support for your open source software so it's commercial open source, someone else uses your software in his software without your knowledge and he doesn't pay and doesn't want support.

He doesn't update his version of your software and this leads to a security issue.

Are you liable?

Obviously not. Why would you think so? You're only liable for the software shared under a support agreement.

I feel people really try to pick the worst possible interpretation of these laws just so they can hate on the EU.

No, it’s people who possibly even agree with the intention of this wanting the letter of the law to be as clear as possible — so that a hypothetical uninformed judge a few years down the road has less wiggle room for a bad decision. (Also note that in some European law traditions, written law is more important than case law.)
But the whole point of the CRA is to increase cybersecurity even without a support agreement. Eg every device to receive 5 years security support.
Unfortunately lawyers (et al.) will similarly pick the worst possible interpretation of a law as needed to win a case.
> free and open-source software developed or supplied outside the course of a commercial activity

What is software in this case? The open source software you developed as such or only the Installations you sold support for?

No. Liability only arises if someone is paying you and you give them assurances that PyThing is fit for a particular purpose or behaves a particular way.
>free and open-source software developed or supplied outside the course of a commercial activity

This part isn't clear enough to confirm your assumption.

It could mean the software instance installed by your support customer, or it could mean the software as such that you intend to sell support for, no matter whether you actually get paid for support or not.

I believe the point they're making is that while you could expect liability, I couldn't if I'm not buying support services but run it myself. As in "offering the support services to anyone" would assume global liability.
> If someone sold me support for a piece of open source software (like ISC and BIND) then I definitely would expect some level of ...

The word you were looking for is "support".

If there is something wrong with the "supported" open-source software, then you may expect a certain level of "support". Full-stop.

That generally entails an SLA that says your issue will be reacted to within N-time of opening the issue, which might be nuanced by the tier-level of support purchased. That you are provided access to documentation, or even the source code itself. You might be provided with best-effort support by an agent, which is limited to resolving documented defects, or configuration, or acknowledging standing-bugs which cannot be resolved.

What you cannot expect is the software is updated in accordance with the support incident. For that, send patches, or pay somebody to send patches.

I want to believe the courts and non-elected bureaucrats will interpret it the same way.

Sadly, with these laws, we'll have to wait for some case law to be certain of the liabilities of serving European customers.

Does anyone else find this incredibly crazy?

I had a similar reaction to the whole thing about some new anti-Tiktok law in the US potentially banning a whole bunch of other things, but nobody is actually sure. Like, is it a weird idea of mine that you should define your laws based on what you want them to do and then test them to make sure they are right before they actually, you know, become laws? How can no one know what the law will actually do until the law is actually enforced?

If I wrote software like this I would be instantly fired. Can somebody please explain?

> If I wrote software like this I would be instantly fired. Can somebody please explain?

If aerospace engineers built airplanes the way you (or I) code, they'd be in prison.

I don't think software developers have any right to criticise - we are the clowns of the engineering world.

The software around me fails all the time: the coffee machine refuses to make coffee because there is no wifi, Toyota has spaghetti code controlling the accelerator, the average home router has over 9000 security holes.

Even if you look at our industry standards, the HTTP standard has flaws allowing Request Smuggling, the JSON standard is not compatible with JavaScript, and JavaScript itself... oof...

> If aerospace engineers built airplanes the way you (or me) code, they'd be in prison.

Really? I don't recall anyone going to prison for the 737 MAX. Not even the engineers reviewing the code written by the offshored $9/h programmers Boeing hired...

> the HTTP standard has flaws allowing Request Smuggling

As if the building code didn't change over time too.

It isn't really like this. There's experienced attorneys helping draft most legislation. See, e.g., https://en.m.wikipedia.org/wiki/Office_of_the_Legislative_Co...

That doesn't mean they will always get it right, but it's often screwed up more by the legislators than the attorneys.

Laws that are so vague that they don't give notice to someone of what conduct is proscribed are not valid in the US.

Additionally, in the US, laws found to be unconstitutional are void ab initio. They are not struck down. They are declared never to have been valid in the first place.

(Though, like anything, perfect consistency is not a goal of the legal system, so you will see this screwed up at times as well)

Even with already published laws you need a lawyer to understand how a judge will be more likely to interpret them; even then, it's just an informed guess; you never know what the end ruling will be until it comes.
So... Why not have a judge whose job is to come in and rule on potential new laws? You're pointing at this like it's some knockdown argument when it just shows lawmakers are lazy.
HN is not apparently aware of how laws are made in most countries. In fact, staff legislative attorneys and others greatly experienced in law often help write them and edit them.

For example, in the US, you have things like https://en.m.wikipedia.org/wiki/Office_of_the_Legislative_Co... which helps the House draft bills.

Imagine all of your bugs were security bugs, hacking (and profiting from the results) was legal and incredibly lucrative, and (as a result) almost the entire available pool of testers was at best grey-hats each with their own political agenda. Even if you also had Designated Testers with lifetime appointments, would you expect them to do better in a year than a well-paid hacker could in a couple of weeks? Especially if the former category, though well-paid, is considerably understaffed and thus overworked, due in part to how hard it is to establish competence and good faith of a candidate?

I’m not sure this is a good metaphor, but I think the main thrust should be true: the whole thing is adversarial like you’ve never seen, and that’s not at all the best way to establish truth, just the best you can do without trust assumptions. (Law : science and engineering :: democracy : benevolent dictatorship.)