[opensource-dev] Third party viewer policy

[Morgaine]

Good points, Boy Lane, concerning developer liability not being acceptable.

But it goes even further than that.  Developer liability is *not GPLv2
compliant*.

Here are GPLv2 <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>'s "*NO
WARRANTY*" clauses:


QUOTE

*NO WARRANTY*

*11.* BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO
THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.

*12.* IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO
LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR
THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END QUOTE


All liability and responsibility for the use of a GPL program rests with the
users of the program, not with the developer of the program.  This is an
explicit condition of all GPL licenses, and these licenses cannot be
employed by LL if section 7 of the TPV document is valid.

It is worth noting that the BSD license also has a similar NO WARRANTY
clause to protect its developers.


Morgaine.




==========================================

On Thu, Feb 25, 2010 at 4:18 AM, Boy Lane <boy.lane at yahoo.com> wrote:

>  I would like to reiterate on one point that was mentioned shortly
> already, the liability of a developer.
>
> LL's new policy says under 7.
>
> "If you are a user or Developer of Third-Party Viewers:
>
> a. You are responsible for all uses you make of Third-Party Viewers, and if
> you are a Developer, you are also responsible for all Third-Party Viewers
> that you develop or distribute."
>
> In it's current form that reads: a developer is fully legally responsible
> for the code, and in addition to that also carries full responsibility for
> any user action of anyone using that viewer. In my opinion that's a killer
> clause nobody halfway intelligent can accept.
>
> In detail, this clause has two major implications.
>
> Firstly by accepting 3PVP a developer would have to take full
> responsibility for the viewer and the code it is based on. We all know that
> these sources were developed by hundreds of different people and contain
> hundreds if not thousands of known and unknown bugs (not sure about actual
> Jira statistics). LL itself declines any responsibility in the sourcecode by
> sating "ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO
> WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
> COMPLETENESS OR PERFORMANCE." Now LL forces a 3rd party viewer developer to
> take on exactly that responsibility LL explicitly disclaims. I as a
> developer can not accept this as I'm simply unable to guarantee that the
> underlying code is 100% failure free or that there are no exploits possible
> to abuse that code. Nobody can guarantee this and therefore should limit
> ones liability to either the value of the software itself, here free
> open-sourced code with a value of zero; or completely disclaims any
> responsibility as it is the current status of the viewer code.
>
> Secondly and worse than the first point, by accepting the policy I'd also
> automatically take on full responsibility for anything a user does with the
> viewer. Be it using build in features (abuse, harassment, griefing, you name
> it), or furthermore use exploits in the code for not only malicious
> activities. No developer ever could control or prevent any user action and
> should never be held responsible for any action a user does with the
> software provided.
>
> I fully agree that a certain level of accountability is necessary. LL has
> already all means to implement such accountability by having RL details of
> each developer that is connected to an avatar. That's what the ToS warrant.
> As such LL is already enabled to identify and prevent access of malicious
> viewers and creators behind. The current liability clause therefore goes way
> to far, is unfeasible, and renders the complete policy unacceptable.
>
> In addition to that I can only second the concerns of Marine, Henri and
> others that RL details of viewer developers should never be made public in
> any form. LL per ToS has all RL details required. Publishing them would only
> do one thing, open a can of worms for RL consequences, abuse, grief and
> enable self-proclaimed better-citizens to take law and right in their own
> hands as recent examples just showed.
>
> Please revise the developer liability accordingly and add a clause that RL
> details of viewer developers must never be made available to anyone else but
> LL and legal authorities if required. Anything else is simply unacceptable.
>
> Boy
>
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/opensource-dev/attachments/20100225/1df5b7cd/attachment.htm