[opensource-dev] Third party viewer policy

Boy Lane boy.lane at yahoo.com
Wed Feb 24 20:18:46 PST 2010


I would like to reiterate on one point that was mentioned shortly already, the liability of a developer.

LL's new policy says under 7. 

"If you are a user or Developer of Third-Party Viewers:

a. You are responsible for all uses you make of Third-Party Viewers, and if you are a Developer, you are also responsible for all Third-Party Viewers that you develop or distribute."

In it's current form that reads: a developer is fully legally responsible for the code, and in addition to that also carries full responsibility for any user action of anyone using that viewer. In my opinion that's a killer clause nobody halfway intelligent can accept.

In detail, this clause has two major implications.

Firstly by accepting 3PVP a developer would have to take full responsibility for the viewer and the code it is based on. We all know that these sources were developed by hundreds of different people and contain hundreds if not thousands of known and unknown bugs (not sure about actual Jira statistics). LL itself declines any responsibility in the sourcecode by sating "ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, COMPLETENESS OR PERFORMANCE." Now LL forces a 3rd party viewer developer to take on exactly that responsibility LL explicitly disclaims. I as a developer can not accept this as I'm simply unable to guarantee that the underlying code is 100% failure free or that there are no exploits possible to abuse that code. Nobody can guarantee this and therefore should limit ones liability to either the value of the software itself, here free open-sourced code with a value of zero; or completely disclaims any responsibility as it is the current status of the viewer code.

Secondly and worse than the first point, by accepting the policy I'd also automatically take on full responsibility for anything a user does with the viewer. Be it using build in features (abuse, harassment, griefing, you name it), or furthermore use exploits in the code for not only malicious activities. No developer ever could control or prevent any user action and should never be held responsible for any action a user does with the software provided.

I fully agree that a certain level of accountability is necessary. LL has already all means to implement such accountability by having RL details of each developer that is connected to an avatar. That's what the ToS warrant. As such LL is already enabled to identify and prevent access of malicious viewers and creators behind. The current liability clause therefore goes way to far, is unfeasible, and renders the complete policy unacceptable.

In addition to that I can only second the concerns of Marine, Henri and others that RL details of viewer developers should never be made public in any form. LL per ToS has all RL details required. Publishing them would only do one thing, open a can of worms for RL consequences, abuse, grief and enable self-proclaimed better-citizens to take law and right in their own hands as recent examples just showed.

Please revise the developer liability accordingly and add a clause that RL details of viewer developers must never be made available to anyone else but LL and legal authorities if required. Anything else is simply unacceptable.

Boy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/opensource-dev/attachments/20100225/aca4977e/attachment.htm 


More information about the opensource-dev mailing list