Jonathan Carter <j...@debian.org> writes: > It's not 100% clear to me, but from what I understand having had some > informal conversations with experts in this field (we should ideally > speak get some more information from legal experts on this topic), it > would fall on individual members, unless a TO has en explicit contract > with someone.
This is also my understanding from other open source governance work I've done on other projects. Unless the organization is incorporated, I think the liability falls on the individuals. Even if it is incorporated, it's fairly standard to carry directors and officers liability insurance because they can still be potentially held personally liable. (If you do open source work outside of the auspices of an organization that carries insurance and you have assets to protect, it's worth considering a personal umbrella policy.) My understanding of US business law is that most lawyers would tell us that what we're doing is ill-advised from a legal standpoint because we may accidentally form a general partnership. You essentially never want to have a general partnership because the members of the partnership have unlimited liability for the actions of the partnership (basically, each individual can be liable for anything the other individuals do as part of the partnership). I'm not sure how large that risk is to Debian in particular since we don't engage in commerce and therefore may not fall under commercial business rules, but it's not a situation one wants to come close to. > It's one of a few important reasons why we need to look at incorporating > Debian, I wanted to push for that during the last year, but during the > release and the last 1.5 GRs didn't seem like an ideal time for it. I'll > also provide some more details and thoughts on this on -vote over the > next week, but I believe this is something important to pursue for the > project regardless of who serves as DPL for the next term. I agree. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
