Maybe it is time to enshrine open-source software development into law, and out of the realm of merely relying on an old copyright hack. It was a very clever hack, of course, but maybe the software industry has outgrown it and needs more legal basis to rely on.
> time to enshrine open-source software ... merely relying on an old copyright hack
the copyright hack you're referring to is the copyleft hack, associated primarily with GPL, whose hacker author (Stallman, and not that kind of author) chose to call "free software". (This is the idea that if you take a copy of copyleft software and use it to create a product, users of that product are permitted to see the source code if they want, just as you got to see the source code that you used to create it. If you don't want to agree to that, don't use that free software in your product)
the people who chose to distinguish themselves (ESR Eric Raymond) from "copyleft free software" chose to call their movement "open source", and their disagreement was precisely with the requirement that you share and share alike what was shared with you; and their disagreement was not in regard to whether it was a copyright hack or a signed contract, it was the meaning or intent of the express user permission to see the source (which they like to portray as a restriction on their right to hide the source)
so it doesn't make sense for you to conflate "open source" with the old copyright/copyleft hack, which more importantly has nothing at all to do with warranties.
seems to me the issue OP has brought up has more to do with "click/shrink wrap" licensing. I don't know where the UK stands on click&shrink wraps, but seems to me you'd attack entire edifice rather than specific terms within (although I am aware that european regulators (and to a lesser extent american consumer rights advocates) obsess over customer rights to warranties)
This is incorrect; all OSS licensing including the MIT licence is a hack which defeats and circumvents the current automatic copyright regime.
The issue in this case is that for any software which is released by anyone, for free, no matter the licence attached to it, the UK courts are contemplating doing do may create a fiduciary duty between the author and the user based on the user's actions entirely.
The fact that FLOSS types both view this as an absurdity that couldn't possibly affect them, and in some cases that since Bitcoin is unfashionable in certain circles it is somehow just punishment in the form of psychopaths with money trying to ruin the Bitcoin developers and their families, while talking openly of shooting them all in the backs of their heads, on video, while fondling an illegal weapon that the cops in the UK are doing absolutely nothing about—well, this kind of blind eye they're turning to the developments in this case is astounding to me since there's no logical/sensible way to disentangle the notion that a user's actions are what create the fiduciary duty, from literally every other project on the planet.
What would that look like exactly, and how would it help in this case?
At the end of the day, there will still be conflicts over responsibility, no matter what the law or licenses say. Making authors of open source software immune from all responsibility in any and all circumstances doesn't strike me as a good idea, because it will also enable abuse by bad faith actors.
It doesn't need to be all-or-nothing. The broad standard in most law (that I know of) is sufficient: if you can establish a _mens rea_, you're entitled to damages.
Not that establishing intent to do harm would be easy, or that the law is effective or efficient. But if you're looking for a watermark to shoot for...
But isn't it the court's job to find out if that's the case? I don't see what needs changing here.
Or: the MIT license has essentially worked as intended for almost 40 years. Now one bad-faith troll abuses the court system. Do we really need to start panicking? Courts exist to settle disputes, and sooner or later some bozo will come by with a faux-dispute. It's kind of inevitable, and unless there's a structural problem – which doesn't seem to be the case – it doesn't strike me as something that needs new legislation.
The problem is that a volunteer developer will now have to spend hundreds of thousands of dollars/pounds (according to nullc's comments in this thread) to defend against said bozo with a faux-dispute.
Panic? No. But this isn't the case that someone is conjecturing that the license's protections would be inadequate, it's a concrete example of a case where they haven't been enough to control costs.
Maybe it's a one off fluke. Or maybe it isn't. I think that makes it worth discussing.
I think it's not difficult to imagine alternative terms that would have been likely to have a stronger effect.
The dispute is essentially that Wright claims to be the legal owner of some Bitcoins, and that the developers of the Bitcoin network are preventing him from accessing them. Whether Wright owns the Bitcoins is disputed. Whether the Bitcoin developers actually can do anything at all is also disputed. However, the ruling stated that the dispute has merit in the sense that it's a real dispute and that there is a realistic argument from Wright's side.
After reading the appeal ruling, the case seems to have far more merit than is presented. If you want to develop money-like software then you have to accept money-like responsibility. Where this responsibility starts or ends is currently unclear. I don't really have an answer what responsibility there should be, but a full rejection would be an absurdity: Bitcoin developers could legally push malicious updates which steal Bitcoins for example.
In short: there is a legitimate dispute here. The legal system seems to be working as intended.
> I think it's not difficult to imagine alternative terms that would have been likely to have a stronger effect.
The MIT license has a very strong "no liability" statement. I don't really see how it can be improved.
In many jurisdictions law takes precedence over contract. In the UK specifically liability cannot be signed away unconditionally and is always subject to reasonableness. This is the case for most jurisdictions, with the US being the notable exception I believe (although this may also differ per state).
However, it seems to me the entire thing is only tangentially related to "MIT license" or "open source" at all.
> but a full rejection would be an absurdity: Bitcoin developers could legally push malicious updates which steal Bitcoins for example.
That's incorrect and addressed explicitly in the trial court decision: a fiduciary duty isn't needed to prevent someone from behaving fraudulently.
And what he demands is an affirmative duty to act, which isn't even necessarily found in a fiduciary context, and is almost never found otherwise. E.g. you could be falling off a cliff right in front of a police officer who need only toss you a rope to save your life, and the rope is already in his hand-- he has absolutely no obligation to do so (in the UK or in the US, as a matter of settled law).
This is because duties to act are in conflict with duties to not act. If both can exist then there may be no safe move. In the US and UK we've decided that inaction is the safe move, so it's easy to get sued for actions that cause harm and very hard to get sued for inaction that fails to prevent harm. Situations where it's reversed are special exceptions.
In this case the true owners of the assets would obviously have not only a reason to sue but to seek criminal charges if the defendants aided the plaintiff (it's his case that the defendants are already in breach of their obligation to rescue him, even though he did nothing to convince them that the loss was real or the coins were his before suing). Moreover, essentially every user of Bitcoin bought into a system with certain well described properties, including the impossibility of directly recovering lost coins-- a fact that was explained quite clearly by Satoshi (who the plaintiff fraudulently claims to be!). If it were possible for the defendants to change that and they did, every user harmed by undermining the system in that way would have a clear cause of action against them.
This kind of impossible bind is why our legal systems are extremely conservative in handing out these kinds of duties (both in the US and the UK, though the underlying case law is different obviously). It shouldn't be possible to accidentally and unknowingly end up being a fiduciary to total strangers who have no particular reason to trust you.
> If you want to develop money-like software then you have to accept money-like responsibility
Except no such duty has ever been found for commercial banks or central banks. If you claim to have lost your dollars you don't get to sue your bank or the fed to replace them for you.
Moreover, many of the defendants (most I think now?) are no longer developers and many weren't long before this supposed loss.
> I don't really see how it can be improved.
An obvious change which has become common in commercial terms of recent years is to require explicit indemnification. It also could have more expressly set out the non-relationship between the user and the authors.
One of the big problems here is that there will never be any compensation for the costs to us here. It's not like after we win all the costs will be covered and we'll receive a reasonable rate for the time spent defending it.
We gave our labor away for what we hoped was the betterment of the world, with no direct benefit to ourselves for doing so, and in return this is what we get: It's a really bad deal, and so Wladimir saying he regrets it is no shock.
The abuse and lack of gratitude from a few users that many high profile open source developers get is one thing... being dragged into a foreign court over something which isn't even argued to be your own fault is something else entirely. It's not like he argues that the results are on account of error or negligence on the part of the defendants-- much less malice!
Heck if you wanted to claim that it was due to a design flaw in Bitcoin--- well the plaintiff claims to be the person who created it! (...who spent the early days of Bitcoin explaining that there was no way to recover lost coins and for good reason, because any mechanism to do so would require third party trust which the system was designed to avoid).
None of that really counters that there is a conflict, and that legally speaking it's not quite straight-forward. I'm not the judge presiding the case; I don't get to decide one way or the other. I'm just saying there is a legitimate unresolved conflict, and that courts are the system we have to resolve that sort of thing.
> If you claim to have lost your dollars you don't get to sue your bank or the fed to replace them for you.
If I claim it's the fault of the bank? Of course you can.
The judge decided there wasn't one, it was the appeals court that differed. :)
> and that courts are the system we have to resolve that sort of thing.
If not for some fortunate historical luck it could only decide this wrongly, since but for some fortuitous turns we'd be forced to lose due to being unable to afford the defense. You can easily replay this situation with different defendants or a different situation and get that outcome.
If not for the impossibility of the requested remedy (and the fact that plaintiffs was never to be win)-- I don't see why it wouldn't just be rational for us to collude with the plaintiff and throw the case in exchange for, say, half the windfall. Fortunately for Bitcoin users the system is designed in a way to preclude that possibility, but not so fortunately for us.
> If I claim it's the fault of the bank? Of course you can.
At no point has the plaintiff alleged that the loss is our fault.
I have a set of licenses ([1]) set to be approved by a lawyer. Because of your suggestions, I've now added an indemnification clause and a clause disclaiming any relationship between user and contributor.
Major corporations have entire strategies built around open-source, with many household names that you know (Facebook, Microsoft, Google, ...). According to random estimates on the internet, open-source software is a $50 billion annual market. There's enough "there" there to get you something.
Hold the entire world's technology industry hostage.
Nice multi-billion dollar business you got there, be a real shame if somebody started introducing subtly-breaking bugs into that critical library you use, wouldn't it?
What exactly do you think the legal process accomplishes, when you have a bad actor with deep pockets that sues people that do not have equal means to defend themselves?
I can guarantee you that the Big Tech that does use open source takes a number of measures against this. They usually maintain a fork against the upstream repository, for one. There is no case where you could commit code to an open source library and immediately have it affect any Big Tech code.
I can keep going. The notion that big tech has the time or inclination to rigorously audit all the free software they're using is absolutely laughable.
If only there were a different license that kind of predicted all of this and governed itself accordingly? At least some kind of much better starting point from which to begin these things? If only someone had thought of that?
In all seriousness, it appears as if I'm the first to mention the GPL in this thread and I find that very odd. There's your starting point.
… if the MIT license's warranty disclaimer doesn't hold up in this regard, what makes you think the GPL's would, or for that matter, any FOSS license's such section?
The result allegedly reached here is absurd. No amount of legalese can defend against absurd conclusions.
Section 1. Article I, Section 8, Clause 8 of this Constitution is hereby repealed.
Section 2. Congress shall make no law abridging the right of the people to publish or peaceably implement ideas.