Security

Should Developers Be Liable For Their Code? 517

Glyn Moody writes "They might be, if a new European Commission consumer protection proposal, which suggests 'licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions,' becomes law. The idea of making Microsoft pay for the billions of dollars of damage caused by flaws in its products is certainly attractive, but where would this idea leave free software coders?"
This discussion has been archived. No new comments can be posted.

  • by superwiz ( 655733 ) on Saturday May 09, 2009 @11:21AM (#27888461) Journal
    and no one to sue. and don't think the fact that you get it for free matters -- you can sue a soup kitchen if it gives you food poisoning.
  • by A beautiful mind ( 821714 ) on Saturday May 09, 2009 @11:24AM (#27888481)
    if you get it for no price, you don't enjoy such privileges.

    If someone sells GPL based software, they are free to do so and pick up the tab on flaws in the product. Same goes for proprietary software.

    This should have been done at least 10 years ago.
  • Re:GPL (Score:3, Interesting)

    by superwiz ( 655733 ) on Saturday May 09, 2009 @11:28AM (#27888511) Journal

    there is no warranty for this free software

    Every software license worth its salt has this clause. Laws can make certain parts of agreements void. For example, you can't enter into a contract to be a slave.

  • by Timothy Brownawell ( 627747 ) <tbrownaw@prjek.net> on Saturday May 09, 2009 @11:37AM (#27888615) Homepage Journal

    If software controlling an aircraft crashes and causes the aircraft to crash too and that kills people, I'm pretty sure the software makers might end up liable too.

    Actually it would probably be whoever decided that that software was OK to use in an aircraft. If I were to somehow get an aircraft and install Gentoo on some critical system, I'm pretty sure I'd be the one to get in trouble rather than the Gentoo or Linux (kernel) or Glibc people.

  • by chill ( 34294 ) on Saturday May 09, 2009 @11:38AM (#27888625) Journal

    Except you just can't run anything for aircraft control. Read the fine print on software like Java, Windows and other items. You'll see it explicitly states you are not to use it for nuclear power plants, aircraft control and other life-critical applications. There are special rules for the super-critical stuff.

    On the other hand, if this happens in a restaurant that calls itself high quality and advertises the famous chicken soup from a master chef and you get the same treatment, then there are numerous consumer protection agencies in Europe at least to fine the given restaurant.

    That concept is so pathetic I don't know where to begin. Consumer protection agencies to fine a restaurant for poor quality and bad treatment? Are Europeans that big of pussies? What is wrong with "tell your friends they suck, don't eat there" and watch their business evaporate? You can't be serious that the government steps in for things like this!?

  • Re:Stupid Idea (Score:5, Interesting)

    by rlseaman ( 1420667 ) on Saturday May 09, 2009 @11:42AM (#27888667)

    The idea that code should be perfect is a stupid idea: consumers don't want that. They want "good enough," not perfect. Perfect costs a great deal of money

    Your comment is "insightful", but it is beside the point. This is exactly the same issue with all engineering. An object manufactured to better standards than needed for the purpose is an overly expensive object. The question rather is the web of responsibility. If Microsoft or Google or even somebody's shareware makes a claim of suitability, certainly the consumer should have redress when it proves unsuitable.

    There are many other dimensions of this issue. For instance, the software industry is well known for adding pointless complexity - features that nobody ever asked for. If GE added a can opener to a toaster, they would be liable for any unexpected risks this reveals, but Microsoft can make Word so complex that businesses using it accrue large expenses related to training, etc., and risks related to misformatted and delayed documents and so forth - and yet Microsoft currently faces no significant market pressure from liabilities associated with having broken their own product.

  • Re:Stupid Idea (Score:4, Interesting)

    by Anonymous Brave Guy ( 457657 ) on Saturday May 09, 2009 @11:45AM (#27888705)

    Exactly. The problem with trying to enforce this kind of measure for software is that there is a cost/performance curve, and most people don't want to pay to be right up at the end of it.

    Heck, no-one in the world knows how to get right up to the end of it. Even the guys at NASA, whose development process is awesomely effective at producing reliable software compared to the commercial/home user industry, still get bugs. Given the nature of their work, their bugs can cost as much in a single mission as a bug in widely used home user software costs spread across the whole user base, potentially including a cost in human lives, so it's not like they're hiring stupid people or not trying to get everything perfect.

  • by mdwh2 ( 535323 ) on Saturday May 09, 2009 @11:55AM (#27888781) Journal

    you can sue a soup kitchen if it gives you food poisoning.

    But equally, people should be free to say what use their product is intended for. You can sue someone if they sell you food, you can't sue someone if they sell you some substance, and you decide to eat it (especially if it has warnings not to eat it).

    The GPL states (similarly to most licences):

    THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

    If this isn't enough for a new law, then expect to see many software developers using a licence that states "This software should not be used for commercial purposes" or even "at all [except perhaps for a few limited, restricted uses]".

    I also fail to see how causing injury is comparable to alleged liability of Microsoft - there Windows did not in itself cause damage, the problem is loss caused by downtime. It's the difference between a car blowing up in your face, and a car not working so you miss an important meeting. (And if you take a car and drive it into the sea, you don't get to sue no matter how annoying the results are to you.)

    There may well be a market for software that does allow liabilities for loss (i.e., they say it is intended to be used commercially). Expect to pay at least ten times the price for it.

  • by ljw1004 ( 764174 ) on Saturday May 09, 2009 @11:56AM (#27888785)

    Sure it's all in the license at the moment. The question is whether we as a society are happy that these are valid licenses.

    We don't let doctors do surgery with the EULA-like conditions that "anything they do is at the user's own risk and the doctor isn't held to any standards."

    We don't let engineers build bridges with the EULA-like conditions that "the bridge is delivered as is and people drive over it at their own risk."

    Why do we allow software to get away with such a cowboy attitude when we're more rigorous about other important infrastructure?

    Or, why are we so up-tight about doctors and civil engineers when they should have the same laissez-faire setup as software engineers?

  • Unworkable (Score:3, Interesting)

    by StormReaver ( 59959 ) on Saturday May 09, 2009 @12:45PM (#27889197)

    This is an unworkable plan. Personal computers, by their very nature, require the end-user to tamper with them. The moment the end-user installs some 3rd-party software, or swaps out any piece of hardware, the environment the software runs under changes. This new environment will frequently produce a permutation that is impossible to predict and test against.

    Additionally, many mainstream hardware manufacturers are TERRIBLE at producing hardware that conforms to the standards to which software developers target their code. Software developers can do everything right, but still see their programs malfunction due to circumstances beyond their control.

    If this brain-damaged statute passes, the European Union will witness a steady exodus of consumer software, both closed and Open Source, from its member nations. There are just too many intermediaries between the software producer and software consumer to make this kind of liability feasible in any way, shape, or form. The price of even simple software would also rise to that of a small skyscraper, as a deluge of lawsuits would be filed by users for problems they caused themselves, but blamed on the software.

    The cost to the European Union would be devastating.

  • Marketing (Score:2, Interesting)

    by phorm ( 591458 ) on Saturday May 09, 2009 @01:41PM (#27889621) Journal

    From my experience, it's often more like:

    Accounting slashed the budget so that we were short developers and testers. Marketing advertised it for other than its intended purposes, or more featureful than originally designed. Sales cut us out of client meetings and added a bunch of glitzy features or things that weren't even really possible to do properly.

    The end product had features tacked on at the last minute, a shortened development cycle, a bunch of extra eye-candy thrown on at the expense of real features, a neutered budget, and almost no testing because even with the above cuts they still ensured customers it would be released at a way-too-early date...

    Even with the headline's example of Microsoft, I'd have a hard time placing all blame on the devs when all the above bullshit tends to happen, not to mention the overall fragmentation I've heard that they suffer from lately.

  • by Stewie241 ( 1035724 ) on Saturday May 09, 2009 @02:00PM (#27889817)

    Well, as somebody with an engineering degree, I know that we were taught that we were responsible for designs produced using software products. So, for example, if one used structural design software to design a building, and that software gave erroneous results, you are to blame, and not the software.

  • Aircraft software (Score:5, Interesting)

    by Okian Warrior ( 537106 ) on Saturday May 09, 2009 @02:32PM (#27890095) Homepage Journal

    I make software that goes on an aircraft for a living.

    All such software is required to be certified by the FAA, which has elaborate requirements for development, documentation, and testing (the applicable document is DO-178B).

    I'm told that the reason for certification is not safety, but culpability. If your software satisfies the requirements and passes review by the FAA, then your company will not be held liable if it causes problems.

    In essence, certification represents "best effort" engineering practices and tries very hard to eliminate bugs in the final product.

    By the time a software package gets on a plane, many people have combed over it looking for problems, and the testers have spent a massive amount of time running it. There is a safety/failure hazard analysis which asks all the "what if" questions, and the flight crew has written procedures in case it fails.

    If a bug is found after deployment (this happens occasionally) and it is discovered that there was a flaw in the certification process, all hell would break loose. It would open up the FAA and the company to all sorts of lawsuits from injured parties. The people who signed off on the certification would essentially be screwed.

    The FAA is generally a bunch of bureaucrats. The one thing they do well is look out for their own interests.

    Oh, and I worked for the company that got Microsoft Windows certified to run in the cockpit as a map display. It's Posix compliant, dontcha' know!
