Code-dot-mil / code.mil

An experiment in open source at the Department of Defense.
https://www.code.mil
MIT License

Disclaim merchantability and fitness for a purpose #36

Closed fulldecent closed 7 years ago

fulldecent commented 7 years ago

When you publish software and use marketing materials to describe that software you are creating a liability that others will use that software and it will not work as described. If the end user is harmed then it may create a legal liability on the publisher.

This is something you want to avoid.

Following are several things that a reasonable person may imply they are getting when they accept and use your code:

This license needs to specifically disclaim all of these implied warranties.

BrandonBouier commented 7 years ago

We've pivoted based on user feedback. Take a look at the current CONTRIBUTING.md

fulldecent commented 7 years ago

This may still be relevant after the pivot.

tomberek commented 7 years ago

@fulldecent

  1. Rather than re-invent the wheel, would the re-use of mainstream licenses address this concern?

  2. Would we need an additional disclaimer to cover the "public domain" contributions/portions of the repo?

fulldecent commented 7 years ago

@tomberek

If a project can assert copyright, then just select MIT/BSD/APL/GPL/... and this resolves #36.

If a project cannot assert copyright then MIT/BSD/APL/GPL/... are not applicable. Such a project should consider CC0. CC0 is special because it does not assert copyright and still allows permissive use.

Now the project has a license, what to do next?


> Would we need an additional disclaimer to cover the "public domain" contributions/portions of the repo?

No. The public domain contributions and all other contributions are equally covered by the license. Also the Developer Certificate of Origin states:

> I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

fulldecent commented 7 years ago

Cross-posting, Army Research Lab uses CC0 for this exact reason

https://github.com/USArmyResearchLab/ARL-Open-Source-Guidance-and-Instructions/blob/master/README.md#the-cc0-license-and-the-arl-contributor-license-agreement-arl-cla

shawoods commented 7 years ago

> If a project cannot assert copyright then MIT/BSD/APL/GPL/... are not applicable. Such a project should consider CC0. CC0 is special because it does not assert copyright and still allows permissive use.

@fulldecent CC0 presumes copyright, just like any other license, and waives it to the greatest extent possible with a public license fallback where that is not possible. Government works cannot be licensed under CC0 in jurisdictions, including the U.S., where the work is ineligible for copyright protections. Perhaps I am misunderstanding your statement, but Government works do not equate to CC0.

As far as disclaiming warranties, I recognize that your comment was first made when we were using the draft agreement via contract law. Under that strategy, the disclaimer would have been in whatever open source license was associated with the work. The same is true with the updated strategy, but now the license only applies to copyrighted contributions and foreign jurisdictions where the work is eligible for copyright protections.

Regarding Government written code, which lacks copyright, I am not sure there is a need to disclaim warranties. It is extremely difficult to pursue tort litigation against the U.S. Federal government. While there may be an edge case where this is possible within the context of open source software, it seems unlikely. Also, many of the larger Government software projects used by the public were ultimately commercialized with a contractor and copyright in the mix, so that's different altogether.

Most of the agencies using the public domain + CC0 approach do not explicitly disclaim warranties for the public domain piece. I will have to dig into the legal enforceability of warranty disclaimers on Government written ("public domain") code. The disclaimer wouldn't attach under a license to the public domain piece, so I'm not sure how that would really work. I'm also not sure there is a true need given the breadth of sovereign immunity. Certainly open to any input or ideas on this front!

fulldecent commented 7 years ago

The ARL policy (incorporated in PR #85) and its contributor agreement handle this well.

If a private citizen contributes to a government project they want to make that contribution without any warranties/liabilities attached. That's the main issue.

shawoods commented 7 years ago

> If a private citizen contributes to a government project they want to make that contribution without any warranties/liabilities attached. That's the main issue.

Agreed. And the DCO process with the appropriately selected open source license takes care of those issues.