L. V. Lammert wrote:
> I have been working with a local OS friendly hosting company to add support
> for OpenBSD. Unfortunately, they also support with Red Hat, SuSE, and
> Apple, and these vendors offer an 'Open Source Indemnification', ostensibly
> protecting against legal action from contributors.
>
> Of course, the OBSD project is meticulous about good copyright practices,
> so WE all know this isn't an issue here, but, unfortunately, the hosting
> company has lawyer(s) asking for similar 'Indemnification' for OBSD before
> they will officially allow OBSD on premises.
>
> Question - I know that copyright law trumps 'indemnification' - especially
> given the BSD licenses on all project s/w, but has anyone dealt with this
> issue before? Can anyone point me to any legal resources that I could pass
> along to help satisfy the lawyers?

Well, you could try a little logic with the suits.

1) Do they permit W2k? I glanced at the license there, didn't see any indemnification promises there. What if GNU sues MS and all users of W2k over improper use of code (a common bug between GPL'd code and Windows would be pretty good evidence of such "borrowing"). How about every other piece of software they run on their servers?

2) What if someone runs Application X on their "legally safe" Redhat server? Do they audit the systems to make sure *every* app offers indemnification? We had a situation at my employer recently where we had to "custom compile" Apache from source on an SuSE box. Were we still "indemnified" then?

3) Indemnification for the ISP? I've not looked over any of those contracts, but the hosting company seems to be really far out on the liability limb, would they really be "protected" by what you run on your machine? If it is your machine, are they really claiming they have to make sure your software meets their standards? Are they going to do this for people running "supported" OSs? If they are dictating standards, are they going to accept the responsibility for those decisions?

4) Point out that OpenBSD created and maintains OpenSSH. I'm sure they would feel happy to follow the logic of their desire to be legal risk-free and remove all Cisco, Linux, and lots of other products. Sure, they may claim that "Redhat provides indemnification for OpenSSH". *IF* that's true, apparently they are either pretty confident there is no problem with OpenSSH (which might imply that the OpenBSD project is pretty careful), or they don't think the real risk of a lawsuit over this stuff is significant, and it's all a big marketing game (scare you into using our product...i.e., FUD with the emphasis on F)

5) Anyone done a check to see if RedHat/SuSE/Apple really have the spare cash to spend on someone else's defense?

6) Do they feel confident that if you switch to one of the "supported" OSs at their demand, and if your box gets rooted and lots of people's credit card numbers (or similar) get scattered across the 'net, that they won't have their pants sued off them by you and your customers for forcing you to run crapware (you probably wouldn't win that suit, but you could end up costing them a lot of money defending it)?

7) Do they understand that it is your money to spend with whatever vendor they wish, and I doubt they are the only hosting company around?

Not sure any one of those is a "killer" argument, but might get them to think about what it is they are requesting.

Nick.