Nope, you never have zero duties, as much as you would like to be a jerk to people. Just like putting salmonella in your free cookies will get the police to show up at your door real quick, releasing open source code with malicious behavior, or lying about what you’re doing, or just straight up being a rude person is not really acceptable, open source maintainer or not. There are appropriate consequences for all of these, and not all of them involve the legal system.
Purposefully poising people without disclosing that, is illegal. Yes.
Purposefully infecting computers with viruses without disclosing that, is probably illegal too. Yes.
Publishing code that on purpose infects computers with virus but disclosing that, is probably not illegal.
Publishing code without any disclosures at all, which happens to infect people, is probably not illegal either.
You don't have to download random code from GitHub and run it. No one is forcing you to. And if you do so, you're responsible for your own actions.
Lying about what you're doing or being rude is shitty, and the ecosystem should not support that, I agree with that. But throwing in a MIT license together with some code you publish, doesn't simply that you won't lie or that you won't be rude. It just says that you can use that code if you want to.
What you're looking for if you're looking for promises of not being lied to, is something closer to a Code of Conduct or Contributing Guidelines. It's outside the scope of (most) licenses.
Right, there's levels of consequences here. You're very focused on what's illegal. Some of the things I mentioned are illegal and you would probably be sued/go to jail for them. Some probably aren't illegal or may even be explicitly legal (NO WARRANTY, etc.) but there are still consequences to doing it. You'll often only get the chance to get people to try your published code that happens to infect them once, and after that they will not only avoid your software but also get people to do the same. They may even be upset that your software did this, because despite there being no legal agreement in place between you and the person that downloaded your software to prevent this, they do have a social expectation that you're not being negligent, or misrepresenting your code. Nothing stops them from calling you a jerk.
I agree but you’ve just explained nicely why this duty has nothing to do with open source software. The duties you’re talking about are universal. Are there any special duties open source devs have that other people don’t have?
