On Thu, 23 Oct 2014, D Brashear wrote:
Or the developer, if the builder and/or signer are not otherwise contractually tied to the foundation's insurance.Again, seek actual legal advice. Yup. And that's the summary I'd give about the understanding Stephen was looking for after Jeff's earlier comments. Jeff explained what things looked like, legally, for him. It's not FUD. It's what Jeff is willing to do based on Jeff's lawyer. What someone else is willing to do should, though, be entered into by that person only with an understanding of what their liability is, or with the explicit knowledge that they plan to ignore it and hope for the best.
IANAL, but it seems Jeff's company is probably subject to section 4 of the IPL, "COMMERCIAL DISTRIBUTION". If the Foundation signs binaries and distributes them, is it necessarily commercial distribution? If so, there's greater risk involved than if it can be classified non-commercial distribution.
The openafs.org website (is that now owned by the Foundation?) provides binaries now. One could argue that it's the same risk[1], but that signing binaries creates more awareness (but I'm not sure I have the energy to think that critically with my current head cold).
In any case, OpenAFS is not the only project which must decide how to move forward in this scenario. It might be instructive to see how macports, homebrew, etc. respond. On the other hand, if the Foundation has a lawyer to consult, this thread is mostly wasted time...
[1]If one assumes that by signing binaries one is simply verifying their veracity, not certifying that they'll do no harm.
Cheers, Stephen
