Sorry but there are no extra duties implied by open source other than what's in the licence. Licences usually explicitly say that there is no support and no implied duties other than those guaranteed by law.
Open source/free software existed long before nebulous[1] terms like "influencer" came into fashion.
All it means is that you get the source code and some limited rights to modify, distribute and run the code. The rest is on you.
If you don't like the licence, don't use the software.
If you don't trust the author or group behind it, don't use the software.
If you don't think the project is well run or not, don't use the software.
If you don't like the politics of the people involved, don't use the software.
If the website "smells funny", don't use the software.
If you can't tell if the software is safe or not... you guessed it, don't use the software.
If you drink from puddles then it's up to you to decide if the water is clean or not.
[1] i.e. there is no definition in law to what this means.
You're describing things that are legal requirements and legal duties. The parent is arguing that there is a moral requirement and a moral duty to uphold.
Those "moral requirements & duties" usually go into a "Code of Conduct" or "Contributor Guidelines" instead of in the license of the project, as they are separate from the distribution, usage and modification of the code.
And rightly so. The community seems to constantly mix "open source" the distribution model with the "open/community" development model that some projects adhere to.
We would all be better off by being more precise with what words we use to describe all of these things, and what our expectations are. Just like what Hickey did here.
I am referring to moral duties that exist independent of the project they are in. An individual project's Code of Conduct may recognize pre-existing moral requirements, and may apply additional moral goals that the project upholds, but it can neither supplant nor disclaim moral requirements that pre-date it. If an update to a project adds a keylogger and exfiltrates your login information, that project has failed in its moral duty, even if not explicitly stated in the project's CoC.
Well, one of the problems is that there are groups (though few) who want the social sheen of having an "open development process" while not actually accepting input. The fact that the source is published is deliberately conflated with the idea that the community is open, for marketing purposes.
"Common decency", much like "common sense", is just a projection of one's own values on to others.
I dislike telemetry and ad tracking and I avoid software that includes them whenever possible. I think they're against common decency but I know that others disagree and think both are perfectly acceptable.
We'd all like to believe that we share a definition of what "common decency" is but sadly we don't. It's why we resort to the law to settle disputes and why we need legal professionals to interpret that law.
What you're describing, misleading users or publishing malware, these are not things controlled by some notion of common decency or some personal moral code but either by statutory rights or criminal laws. e.g. in the UK we have the Computer Misuse Act to stop people adding things like time locks to software.
That's completely different to whether the source to an application is available and whether you can distribute modified versions of that source.
> That's completely different to whether the source to an application is available and whether you can distribute modified versions of that source.
That’s fair. My point was that the obligations of open source developers/maintainers do not begin and end with the explicit terms of the license, which is true. There are laws (and norms, though you don’t seem to acknowledge those as legitimate) that publishers of software are obligated to comply with.
So everyone should reject all proprietary software outright (at least for internet-connected devices) and become fluent in programming languages to determine good from evil?