I just returned from beautiful Stuttgart, where I participated in Osepa's Steering Group Meeting and Study Visit. I gave a presentation about "Open Source License issues, Liability & Software Public Procurement Policies". You can download it here (although I think the slides are a little too abstract to understand without the speech).
Liability seems to be a very critical issue when it comes to the Public Sector. People want someone to blame if something goes wrong, and that's a justified demand (at least to a certain degree). So the slide below started a really nice conversation among the participants:
The quick answer is No indeed! Take a look at the GPL (you can find a similar disclaimer in every FSF- or OSI-approved license):
16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The reason for this is that an Open-Source project is potentially developed by the whole world or, a little more realistically, by a large community. So the above disclaimer is a way to protect the community from legal obligations. Otherwise a user could blame every contributor of a project for a failure incident (e.g. data loss). This is sort of a legal protection for the community.
This may seem quite reasonable, at least to Open-Source developers, but it's not to Public Sector managers, politicians and decision makers in general. As I already mentioned, they want someone to blame. Well, my next slide clarified some things:
What I mean by "Liability depends on support contract" is that the vendor (the support contract owner) now has the legal responsibility. He is the one who guarantees that the software solution he'll deploy and support is reliable.
Many things have been written about the Open-Source paradigm shift in business models, moving from a Software as a Product to a Software as a Service logic. Well, here is yet another paradigm shift. Software Liability does not rest with the copyright/left holder or the developers, but with the Vendor that supports and deploys it. In other words, the legal obligations are moving from the product developers to the service provider.
As we would expect, "service" is again the keyword. Now the hard part is to convince the politicians about that :)
PS. What "Liability depends on users modifications" means is that if the user (e.g. municipality employees) alters the software (it's open-source after all), it's difficult, if not impossible, to make legal demands against the vendor. This is something that we have to keep in mind.