WANAL (Re: What could have been done differently?)

Paul Vixie vixie at vix.com
Tue Jan 28 17:49:23 UTC 2003


ekgermann at cctec.com ("Eric Germann") writes:

> Not to sound to pro-MS, but if they are going to sue, they should be able
> to sue ALL software makers.  And what does that do to open source?
> Apache, MySQL, OpenSSH, etc have all had their problems.  ...

Don't forget BIND, we've had our problems as well.  Our license says:

/*
 * [Portions] Copyright (c) xxxx-yyyy by Internet Software Consortium.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
 * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 */

I believe that Apache and the others you mention do the same.  Disclaiming
fitness for use, and requiring that the maker be held harmless, only works
when the software is fee-free.  Microsoft can get you to click "Accept" as
often as they want and keep records of the fact that you clicked it, but in
every state I know about, fitness for use is implied by the presence of fee
and cannot be disclaimed even by explicit agreement from the end user.  B2B
considerations are different -- I'm talking about consumer rights not overall
business liability.

In any case, all of these makers (including Microsoft) seem to make a very
good faith effort to get patches out when vulnerabilities are uncovered.  I
wish we could have put time bombs in older BINDs to force folks to upgrade,
but that brings more problems than it takes away, so a lot of folks run old
broken software even though our web page tells them not to.

Note: IANAL.
-- 
Paul Vixie



More information about the NANOG mailing list