--------snip-------- Boy wrote:-
LL's new policy says under 7. "If you are a user or Developer of Third-Party Viewers: a. You are responsible for all uses you make of Third-Party Viewers, and if you are a Developer, you are also responsible for all Third-Party Viewers that you develop or distribute." In it's current form that reads: a developer is fully legally responsible for the code, and in addition to that also carries full responsibility for any user action of anyone using that viewer. In my opinion that's a killer clause nobody halfway intelligent can accept. --------End Snip------------ That's not how I interpreted the line, although I agree it is ambiguous. My reading was that you are responsible for: a) what you write as a developer with which you then log on to the grid (so the "Oops I didn't mean to delete the grid with my pre-alpha release "Fluffy Lief Deathstar Viewer", it was just an experimental feature to see what would happen if I spoofed admin rights and pressed delete - it wasn't a production ready feature." excuse wont work.). This seems just a restatement of the TOS for accessing the SL grid (i.e. It's a violation of the TOS to wreck the grid); and b) what you then publish to the world either by passive distribution (such as a public source archive) or direct distribution (eg emailing it to friends). This means make sure you put the approved Gamma release of the "Fluffy Lief Deathstar Viewer" not the auto-grid-deleting alpha version out for public consumption (so the "Oops I just renamed and copied the KoobFace trojan to the distribution list as the 'Fluffy Lief Deathstar Viewer' by accident." Doesn't work, because you are responsible for getting the publication of your viewer right as well. It might be arguable that the obligation extends to ensuring that the public distribution is not subsequently replaced with non-official hacked version, but this might be satisfied by electronic code and zip file signing (which I gently suggest you should probably be doing anyway). I don't see that it says you are then responsible for what the users then do with your browser or code. That is between them and LL and covered by the TOS. (Even if it did say that, it would probably be an unenforceable requirement in most if not all jurisdictions and would, in a badly written license or other contract, cause the entire agreement to fail, and in a correctly written document, just result in the clause being struck). To cover the end user use of the viewer the policy would, to my reading, require something more - eg "are also responsible for all Third-Party Viewers that you develop or distribute, broadcast (or otherwise cause or allow to be transmitted in electronic or physical form), duplicates made there-from and all works derived therefrom regardless of whether said duplicated, broadcastn (etc.), or derived works were authorised, enabled or performed by you". Which, of course would be your classic unenforceable obligation.but it didn't say that, I don't think. Read this way the requirement is reasonable - it means "be careful what you code and don't screw us up through deliberate or accidental breach of this agreement, and then be careful that what you supply to others as the viewer you registered with us is actually the viewer you registered with us". It might also mean: "LL hold you responsible for protecting the integrity of the public master copy of the registered viewer (not each duplicate made therefrom), because we aren't doing the distribution ourselves, but linking to your distribution site." Which also seems fair enough to me. Trying to hold the original author responsible for a third party's derivative version of a work after the third party has defaced it, is patently silly and (at least inn the general case) unenforceable and I doubt very strongly where LL's lawyers would intend such an "courageous" clause. The wording probably needs a little rework so that the apparent ambiguity is removed, particularly since there is still an ongoing argument in IP legislation circles about the relationship between duplication, distribution and broadcasting, so the full meanings of some of these terms are yet to be completely distilled. Another key issue revolves around the meaning of the term "responsible". I read that as "you agree to not code into your viewer any of the stuff we said you shouldn't, and that you agree to ensure that the version(s) of the browser we agree to put on our register is/are the ones you actually distribute." Other responsibilities such as not breaking the grid, are governed by the TOS - as a viewer that is not connected to the grid is effectively outside the reach of the said policy. Regards Jonathan Bishop Managing Director Bishop Phillips Consulting | Melbourne, Australia - Vancouver, Canada Mobile +61 411.404.483 | Office +61 (3) 9525.7066 | Fax +61 (3) 9525.6080 bish...@bishopphillips.com | www.bishopphillips.com <http://www.bishopphillips.com/> _____ From: opensource-dev-boun...@lists.secondlife.com [mailto:opensource-dev-boun...@lists.secondlife.com] On Behalf Of Boy Lane Sent: Thursday, 25 February 2010 3:19 PM To: opensource-dev@lists.secondlife.com Subject: Re: [opensource-dev] Third party viewer policy I would like to reiterate on one point that was mentioned shortly already, the liability of a developer. LL's new policy says under 7. "If you are a user or Developer of Third-Party Viewers: a. You are responsible for all uses you make of Third-Party Viewers, and if you are a Developer, you are also responsible for all Third-Party Viewers that you develop or distribute." In it's current form that reads: a developer is fully legally responsible for the code, and in addition to that also carries full responsibility for any user action of anyone using that viewer. In my opinion that's a killer clause nobody halfway intelligent can accept. In detail, this clause has two major implications. Firstly by accepting 3PVP a developer would have to take full responsibility for the viewer and the code it is based on. We all know that these sources were developed by hundreds of different people and contain hundreds if not thousands of known and unknown bugs (not sure about actual Jira statistics). LL itself declines any responsibility in the sourcecode by sating "ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, COMPLETENESS OR PERFORMANCE." Now LL forces a 3rd party viewer developer to take on exactly that responsibility LL explicitly disclaims. I as a developer can not accept this as I'm simply unable to guarantee that the underlying code is 100% failure free or that there are no exploits possible to abuse that code. Nobody can guarantee this and therefore should limit ones liability to either the value of the software itself, here free open-sourced code with a value of zero; or completely disclaims any responsibility as it is the current status of the viewer code. Secondly and worse than the first point, by accepting the policy I'd also automatically take on full responsibility for anything a user does with the viewer. Be it using build in features (abuse, harassment, griefing, you name it), or furthermore use exploits in the code for not only malicious activities. No developer ever could control or prevent any user action and should never be held responsible for any action a user does with the software provided. I fully agree that a certain level of accountability is necessary. LL has already all means to implement such accountability by having RL details of each developer that is connected to an avatar. That's what the ToS warrant. As such LL is already enabled to identify and prevent access of malicious viewers and creators behind. The current liability clause therefore goes way to far, is unfeasible, and renders the complete policy unacceptable. In addition to that I can only second the concerns of Marine, Henri and others that RL details of viewer developers should never be made public in any form. LL per ToS has all RL details required. Publishing them would only do one thing, open a can of worms for RL consequences, abuse, grief and enable self-proclaimed better-citizens to take law and right in their own hands as recent examples just showed. Please revise the developer liability accordingly and add a clause that RL details of viewer developers must never be made available to anyone else but LL and legal authorities if required. Anything else is simply unacceptable. Boy
<<image001.gif>>
_______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
