|Keep It Simple, Stupid|
So sue meby tlm (Prior)
|on Apr 09, 2005 at 15:35 UTC||Need Help??|
While we are on the subject of legal issues, upon chasing one of the links (merlyn and the 5000-line perl-4 style "auction" script) in The Lighter Side of Perl Culture (Part I): Introduction, I came across this quote by merlyn (read the original here):
Even worse, suppose a server got 0wn3d by running your code. Do you have enough lawyers to defend yourself in court? Are you prepared to do so? In fact, now that I've pointed out the potential security hole to you, you can no longer claim neglect. You are now liable for knowingly providing bad code. I suggest you remove your program immediately to prevent further tort exposure, especially since our correspondence here is a matter of public record now.It got me thinking about the liability of posting code online.
Granted, one has to keep in mind that I found this quote by following a link in the section "Mailing List Theatre" of TLSOPCI, so maybe merlyn was just hamming it up a bit to get the guy to yank some bad code from circulation. But if it's all theatrics, he's doing a pretty convincing job of it. Granted also, the code that merlyn was commenting on was apparently atrocious (I actually haven't looked at it, but I take his word for it). But a subtle bug has the potential for being as damaging as an obvious one.
I tried to Google this topic but I came up empty. Basically everything I found on the liability of posting code had to with posting proprietary code or code that could be used to circumvent anti-piracy schemes, etc. Nothing on the issue alluded by the quote above, i.e. liability due to posting buggy code that may cause some significant damages to its users. (Of course, license agreements including legal disclaimers on free software are common, but here I'm referring to source code directly posted at sites like PM, rather than full-blown applications). I'm sure that there is some legal blurb about this out there somewhere; I just haven't found just the right search strategy.
I found nothing via SuperSearch either, which leads me to my next point. Should we start sticking legal disclaimers in our posts? Would it make sense to have some PM Legal Disclaimer Node with some boilerplate disclaimer we can link to with a little See legal disclaimer in our signatures? Something like this perhaps (which I adapted1 from one of the item's in Perl's Artistic License):
ALL SOURCE CODE POSTED IN WWW.PERLMONKS.ORG IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.(It sounds a little ridiculous, I agree, but I think this is par for the course for the legal disclaimer genre.)
Last summer I went out on a group hike that started with legal forms being passed around for everyone to read and sign, releasing the organizers from all liability. It was an awful way to start what was meant to be a fun event, literally "a walk in the woods", not some extreme adventure. This sort of thing is increasingly pervasive, at least in the US, and I hate to be part of it. What do you all think? Do you know of any legal precedent for the scenario that merlyn alludes to in the quote above?
1 Does this make me a PLAGIARIST??? Maybe I should get some breakfast...
the lowliest monk