On Sat, Nov 18, 2023 at 11:43:27AM -0700, Sam Hartman wrote: > >>>>> "Bart" == Bart Martens <ba...@debian.org> writes: > > Bart> On Wed, Nov 15, 2023 at 02:52:31PM +0100, Lucas Nussbaum wrote: > >> I wonder if we should have something like "Free software > >> development by nonprofit organizations" somewhere. > > Bart> Are we now drawing a line between profit and nonprofit? In my > Bart> view, with Free Software it should not matter who produces, > Bart> publishes or uses the software, in commercial or nonprofit > Bart> context. That is, in my view, an essential element of the > Bart> continuous growth and success of Free Software. This should be > Bart> the main message if Debian would make a public statement in > Bart> this context. Debian should not try to fix the EU text by > Bart> defining which categories of contributors are to be > Bart> protected. On the contrary, we should aim at keeping the > Bart> existing freedoms for anyone alike, including commercial > Bart> companies. That is also publishing open source software under > Bart> licenses with the usual disclaimers of liabilities. > > I think that when your practices can be best described as monatizing > your customers, or monatizing the users of your open-source software, > then you have extended beyond the free-software ethos, and I think > commercial liability makes sense.
My point was that Debian's role in this context is promoting the DFSG, and not helping the EU with overruling DFSG 6. > > So let's consider some situations. > > * A commercial company writes free software. Should they have liability > to someone who grabs that software uses it unrelated to that company's > business and they never make money from that person? Example: A large > company makes a useful library that they and others use; the library > is ancillary to their business; they do not provide support for the > library. > I'd generally say that the commercial company is writing free software > and I agree that Debian should support the idea they should have all > the protections of anyone writing free software. I follow that. > > * A commercial company writes free-software that for all practical > purposes can be used only for access to their proprietary web > service. I'd rather not allow arguments about whether a flaw is on > the web service side or the client API side to be used to help the > company get out of liability to their customers/users. I guess "awscli" is an example of this situation. https://packages.debian.org/sid/awscli https://metadata.ftp-master.debian.org/changelogs//main/a/awscli/awscli_2.12.0-1_copyright So the EU would hold Amazon liable for damages caused by using "awscli", overruling the "without warranties" clause in the license. Well, then next time Amazon might choose to only provide documentation of the API, without publishing an open source example implementation like "awscli". That's a loss for foss. It illustrates the value of DFSG 6. > > *A company writes software. They sell support for that software. They > have a track record of being bad about providing security updates to > people who do not pay for support; it is hinted that this helps them > drive support revenue. Example of such software in Debian? > I think they should be in the same boat as any company giving software > away for free and also selling support. I.E. the fact that the source > is available should not in this instance help them escape liability. > Whether not giving away security updates for free should be considered > good business or a social evil seems like a debate for another forum, > but I don't think open source should be a factor here. We have a different opinion on that. > > So, there are some cases where I agree with you that the commercial > nature of the company should not matter to free software protection and > other cases where it is a lot less clear to me. > > I do think we want to avoid cases where releasing something as free > software or open source increases liability over giving the same > software away for gratis as closed-source. I follow those two points. Cheers, Bart > > --Sam
