Indemnification Of Software, Part 3

Warranties and Indemnification of Software

By Bill Claybrook

September 29, 2003

In this piece I focus on warranties for open source software. Warranties and indemnification are not the same thing. Indemnify means to compensate for loss, damage, or expense incurred; to give security against future damage or loss. A "warranty" is a guarantee given to the purchaser by a company stating that a product is reliable and free from known defects and that the seller will, without charge, repair or replace defective parts within a given time limit and under certain conditions.

Most proprietary software companies provide some form of limited warranty that guarantees that they will fix bugs, etc. HP's software limited warranty is typical of many companies that produce proprietary software and distribute other vendors' software with their products. The company's software limited warranty is expressly limited to the HP-owned software portion of the HP software product. It states that "the warranty for any other software portion of the HP software product ("Third Party" software), if any, shall be governed by the warranty terms provided with the Third Party software." HP's limitation of liability statement goes on to include the sentence "your use of the software is entirely at your own risk."

Companies that sell Linux products provide bug fixes and support for the products that they build and sell as covered under their limited warranties, but the open source components in these products that are developed by others are provided and licensed "AS IS" without warranty of any kind. When Red Hat sells Red Hat Linux or SuSE sells SLES, they have many open source components developed by others that very likely have no warranties, and Red Hat and SuSE do not guarantee to fix problems that occur with those components that they did not develop.

As an example, Red Hat's limited warranty (for Red Hat Linux 7.2 Standard Edition) says that Red Hat Linux is a modular operating system made up of hundreds of individual software components, each of which was written and copyrighted individually. The components are collectively referred to as the "Linux Programs" or the "Software Programs" in this warranty statement. Each component has its own applicable end user license agreement. The Red Hat limited warranty says that unless otherwise stated in the Red Hat License Agreement, the Software Programs are provided and licensed "AS IS" without warranty of any kind, either expressed or implied.

Generally, there are no warranties on open source software. Users who use open source software are doing so at their own risk. When a piece of open source software is created and put out there for people to copy, distribute, modify, etc. within the rules of the particular open source license, such as the GPL license, the people are generally using it without a warranty. There is nothing in the GPL license, however, that prohibits offering warranty protection for a fee, nor is there anything that prohibits you from charging as much as you want for distributing open source software.

But how important is it to have warranties for open source software, the kinds of warranties that guarantee bug fixes, new releases, etc.? Most of the important open source software packages in use with Linux today, such as Apache, MySQL, Samba, Sun Grid Engine, and hundreds of others, are not developed by individuals working in the far reaches of the Yukon. Most of these packages are developed by organizations or companies, in some cases, that monitor and control the releases, control the bug fixes that are incorporated, and so on (Linux is a prime example). The products are developed in an organized manner with highly skilled development teams using leading-edge tools, and in some cases the developers work for large companies like HP, IBM, Sun, and others with an expressed interest in Linux and open source software.

The open source development methodology fosters and encourages collaboration across organizations and companies, whereas proprietary software generally does not. So when a company is using MySQL or using Apache or using Linux, they can be guaranteed that there is a development team in charge so that the best product possible is made available to the open source community, and if there is a bug in the software, the development team or someone else in the open source community will have a fix for it, just for the asking.

If a company is selling Linux and/or open source products, should that company at least provide some type of limited warranty even if the developers of the code do not provide warranties? I suppose the logical answer would be yes. But based on the commentary above, how important is it? Open source software offers benefits to users that proprietary software does not offer. If users want those benefits, then they will accept open source as it is. If they don't, then that will be the real test for Linux and open source.

10:23 ET

Copyright 2003