[opensource-dev] Third party viewer policy

Jonathan Bishop bishopj at bishopphillips.com
Wed Feb 24 23:05:35 PST 2010


--------snip--------

Boy wrote:-

LL's new policy says under 7. 

"If you are a user or Developer of Third-Party Viewers:

a. You are responsible for all uses you make of Third-Party Viewers, and if
you are a Developer, you are also responsible for all Third-Party Viewers
that you develop or distribute."

In it's current form that reads: a developer is fully legally responsible
for the code, and in addition to that also carries full responsibility for
any user action of anyone using that viewer. In my opinion that's a killer
clause nobody halfway intelligent can accept.

--------End Snip------------

 

That's not how I interpreted the line, although I agree it is ambiguous.  My
reading was that you are responsible for:

a) what you write as a developer with which you then log on to the grid (so
the "Oops I didn't mean to delete the grid with my pre-alpha release "Fluffy
Lief Deathstar Viewer", it was just an experimental feature to see what
would happen if I spoofed admin rights and pressed delete - it wasn't a
production ready feature." excuse wont work.).  This seems just a
restatement of the TOS for accessing the SL grid (i.e. It's a violation of
the TOS to wreck the grid); and 

b) what you then publish to the world either by passive distribution (such
as a public source archive) or direct distribution (eg emailing it to
friends).  This means make sure you put the approved Gamma release of the
"Fluffy Lief Deathstar Viewer" not the auto-grid-deleting alpha version out
for public consumption (so the "Oops I just renamed and copied the KoobFace
trojan to the distribution list as the 'Fluffy Lief Deathstar Viewer' by
accident."  Doesn't work, because you are responsible for getting the
publication of your viewer right as well.  It might be arguable that the
obligation extends to ensuring that the public distribution is not
subsequently replaced with non-official hacked version, but this might be
satisfied by electronic code and zip file signing (which I gently suggest
you should probably be doing anyway).

 

I don't see that it says you are then responsible for what the users then do
with your browser or code.  That is between them and LL and covered by the
TOS.  (Even if it did say that, it would probably be an unenforceable
requirement in most if not all jurisdictions and would, in a badly written
license or other contract, cause the entire agreement to fail, and in a
correctly written document, just result in the clause being struck).   To
cover the end user use of the viewer the policy would, to my reading,
require something more - eg "are also responsible for all Third-Party
Viewers that you develop or distribute, broadcast (or otherwise cause or
allow to be transmitted in electronic or physical form), duplicates made
there-from and all works derived therefrom regardless of whether said
duplicated, broadcastn (etc.), or derived works were authorised, enabled or
performed by you".   Which, of course would be your classic unenforceable
obligation.but it didn't say that, I don't think.

 

Read this way the requirement is reasonable - it means "be careful what you
code and don't screw us up through deliberate or accidental breach of this
agreement, and then be careful that what you supply to others as the viewer
you registered with us is actually the viewer you registered with us".   It
might also mean: "LL hold you responsible for protecting the integrity of
the public master copy of the registered viewer (not each duplicate made
therefrom), because we aren't doing the distribution ourselves, but linking
to your distribution site."   Which also seems fair enough to me.

 

Trying to hold the original author responsible for a third party's
derivative version of a work after the third party has defaced it, is
patently silly and (at least inn the general case) unenforceable and I doubt
very strongly where LL's lawyers would intend such an "courageous" clause. 

 

The wording probably needs a little rework so that the apparent ambiguity is
removed, particularly since there is still an ongoing argument in IP
legislation circles about the relationship between duplication, distribution
and broadcasting, so the full meanings of some of these terms are yet to be
completely distilled.  

 

Another key issue revolves around the meaning of the term "responsible".  I
read that as "you agree to not code into your viewer any of the stuff we
said you shouldn't, and that you agree to ensure that the version(s) of the
browser we agree to put on our register is/are the ones you actually
distribute."  Other responsibilities such as not breaking the grid, are
governed by the TOS - as a viewer that is not connected to the grid is
effectively outside the reach of the said policy.  

 

 

 

 

Regards

 

Jonathan Bishop 
Managing Director

 


 

Bishop Phillips Consulting | Melbourne, Australia - Vancouver, Canada
Mobile +61 411.404.483 | Office +61 (3) 9525.7066 | Fax +61 (3) 9525.6080
bishopj at bishopphillips.com | www.bishopphillips.com
<http://www.bishopphillips.com/> 

 

 

 

  _____  

From: opensource-dev-bounces at lists.secondlife.com
[mailto:opensource-dev-bounces at lists.secondlife.com] On Behalf Of Boy Lane
Sent: Thursday, 25 February 2010 3:19 PM
To: opensource-dev at lists.secondlife.com
Subject: Re: [opensource-dev] Third party viewer policy

 

I would like to reiterate on one point that was mentioned shortly already,
the liability of a developer.

LL's new policy says under 7. 

"If you are a user or Developer of Third-Party Viewers:

a. You are responsible for all uses you make of Third-Party Viewers, and if
you are a Developer, you are also responsible for all Third-Party Viewers
that you develop or distribute."

In it's current form that reads: a developer is fully legally responsible
for the code, and in addition to that also carries full responsibility for
any user action of anyone using that viewer. In my opinion that's a killer
clause nobody halfway intelligent can accept.

In detail, this clause has two major implications.

Firstly by accepting 3PVP a developer would have to take full responsibility
for the viewer and the code it is based on. We all know that these sources
were developed by hundreds of different people and contain hundreds if not
thousands of known and unknown bugs (not sure about actual Jira statistics).
LL itself declines any responsibility in the sourcecode by sating "ALL
LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO WARRANTIES,
EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, COMPLETENESS OR
PERFORMANCE." Now LL forces a 3rd party viewer developer to take on exactly
that responsibility LL explicitly disclaims. I as a developer can not accept
this as I'm simply unable to guarantee that the underlying code is 100%
failure free or that there are no exploits possible to abuse that code.
Nobody can guarantee this and therefore should limit ones liability to
either the value of the software itself, here free open-sourced code with a
value of zero; or completely disclaims any responsibility as it is the
current status of the viewer code.

Secondly and worse than the first point, by accepting the policy I'd also
automatically take on full responsibility for anything a user does with the
viewer. Be it using build in features (abuse, harassment, griefing, you name
it), or furthermore use exploits in the code for not only malicious
activities. No developer ever could control or prevent any user action and
should never be held responsible for any action a user does with the
software provided.

I fully agree that a certain level of accountability is necessary. LL has
already all means to implement such accountability by having RL details of
each developer that is connected to an avatar. That's what the ToS warrant.
As such LL is already enabled to identify and prevent access of malicious
viewers and creators behind. The current liability clause therefore goes way
to far, is unfeasible, and renders the complete policy unacceptable.

In addition to that I can only second the concerns of Marine, Henri and
others that RL details of viewer developers should never be made public in
any form. LL per ToS has all RL details required. Publishing them would only
do one thing, open a can of worms for RL consequences, abuse, grief and
enable self-proclaimed better-citizens to take law and right in their own
hands as recent examples just showed.

Please revise the developer liability accordingly and add a clause that RL
details of viewer developers must never be made available to anyone else but
LL and legal authorities if required. Anything else is simply unacceptable.

Boy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/opensource-dev/attachments/20100225/bab5974e/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 2614 bytes
Desc: not available
Url : http://lists.secondlife.com/pipermail/opensource-dev/attachments/20100225/bab5974e/attachment-0001.gif 


More information about the opensource-dev mailing list