[55393] in North American Network Operators' Group
WANAL (Re: What could have been done differently?)
daemon@ATHENA.MIT.EDU (Paul Vixie)
Tue Jan 28 12:50:41 2003
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 28 Jan 2003 17:49:23 +0000
In-Reply-To: <NDBBJJPLIGJGLBKILFIHMEPBJBAA.ekgermann@cctec.com>
Errors-To: owner-nanog-outgoing@merit.edu
ekgermann@cctec.com ("Eric Germann") writes:
> Not to sound to pro-MS, but if they are going to sue, they should be able
> to sue ALL software makers. And what does that do to open source?
> Apache, MySQL, OpenSSH, etc have all had their problems. ...
Don't forget BIND, we've had our problems as well. Our license says:
/*
* [Portions] Copyright (c) xxxx-yyyy by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
I believe that Apache and the others you mention do the same. Disclaiming
fitness for use, and requiring that the maker be held harmless, only works
when the software is fee-free. Microsoft can get you to click "Accept" as
often as they want and keep records of the fact that you clicked it, but in
every state I know about, fitness for use is implied by the presence of fee
and cannot be disclaimed even by explicit agreement from the end user. B2B
considerations are different -- I'm talking about consumer rights not overall
business liability.
In any case, all of these makers (including Microsoft) seem to make a very
good faith effort to get patches out when vulnerabilities are uncovered. I
wish we could have put time bombs in older BINDs to force folks to upgrade,
but that brings more problems than it takes away, so a lot of folks run old
broken software even though our web page tells them not to.
Note: IANAL.
--
Paul Vixie
