On Fri, 12 Mar 2004, Lawrence E. Rosen wrote:

> You've asked a fascinating question and I'm looking forward to the
> comments of those who work specifically with proprietary software.
> You asked whether a software licensor has a duty to disclose known
> defects.

A defect is some kind of imperfection compared to a recognized standard or norm. Most software claims to be useless (unfitted) for any purpose. Thus, such software cannot have defects, by definition (from a legal point of view and where the disclaimer is legal).

> Open source software projects attempt to satisfy the concerns of
> consumers by (1) fully disclosing all source code so that defects
> can be known and corrected;

To be precise, you could say "so that defects are sometimes easier to find and correct". If source code would somehow magically expose and fix most bugs, neither open source nor closed source software would have any bugs. Moreover, if just knowing the source code would drastically contribute to the reduction of bugs, then, from a technical point of view, most of the same bugs would be found by analyzing binary code.

> (2) undertaking software development in a collaborative fashion so
> that contributors are encouraged to find, document and fix defects;

Contributors to closed source software also collaborate and are encouraged to find, document, and fix defects. To be precise, you could say that open source software has a larger pool of potential contributors. Whether more contributors always results in better software is debatable, of course.

> (3) disclaiming all warranties and disclaiming liability to the
> maximum extent permitted by law.

Same for commercial software.

> By way of contrast, most of the proprietary vendors I've worked with
> treat their defect lists as trade secrets, and then also disclaim
> warranties and liability.

I agree that being open about known bugs is usually the Right Thing to do. Many commercial vendors have bug/knowledge databases that reflect the current state of their software. Many open source projects do not have such databases.

Overall, the above arguments sound to me more like wishful thinking rather than sound evidence (unfortunately!).

> If a client of mine were ever seriously injured (personally or
> financially) by a software defect known to the vendor but not
> reported to consumers, I'd sue for fraud regardless of the
> disclaimers of warranty and liability.

Ouch. Would you sue an open source vendor or just the closed source one (all other factors being the same)? Would your decision to sue depend on the price of the product? License? Number of products distributed? Author's personal wealth?

Open source software fans (myself included) tend to use unsubstantiated claims when trying to defend their values. This is not much better than a regular FUD technique used by closed source zealots. We should know better!

Alex.

--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3

