
Licensing for Safety

by mothra (Hermit)
on Apr 24, 2001 at 17:01 UTC

After reading this thread and now that my current (side) project - a shopping cart implemented in Python with a "Send Comments" form written in Perl - involves credit card numbers, I would like to ask for the wisdom of the community.

I just sent an email to my client yesterday, telling him that the site I'm doing for him is now ready to be beta-tested. In that email I spent about 3 paragraphs emphasizing that even though (before the site goes live) I'll set up the site to use SSL, and a suitable encryption scheme for the emailing of the CC nums from the site box to his box, there are tools available on the Internet that allow even a "12 year-old no brainer to crack websites".

Now, clearly, my intention is to do everything I know of (and everything that $700 can pay for, because that's all I'm charging :) to make it difficult to crack, i.e. the CC numbers are never written to disk, and as mentioned I'll be implementing SSL and likely PGP for the emailing of the CC nums.

But what is recommended to disclaim all liability for any consequences that may result from the operation of this site? Do I write out a license on paper and have him sign that document or something (eeek...this smells like lawyer's fees to make sure it's worded to be able to stand up in court)? Is there a standard disclaimer I should put at the top of each source file? Do licenses really buy you any safety in this situation? I'd be interested to hear your thoughts and your experiences.

As a point of note, I'm not too picky on the distribution terms (i.e. GPL, BSD, Artistic, etc.), but more concerned about disclaiming liability in a scenario for which I am clearly doing everything I know of to keep it secure, but still want to be able to sleep at night when the site goes live.

Replies are listed 'Best First'.
Re: Licensing for Safety
by Desdinova (Friar) on Apr 24, 2001 at 20:21 UTC
    Personally I would say checking with a lawyer is the best bet. If you are going to be doing anything like this in the future you can probably have him draw up a generic contract to cover this. Overall the cost of the lawyer will be nothing compared to what it could cost to defend some home brewed solution. Unlike code, the law does not seem to respond well to creative hacks. Just my 1/50th of a dollar.
Re: Licensing for Safety
by jeroenes (Priest) on Apr 24, 2001 at 19:29 UTC
    The GPL includes a limited warranty and liability clause. Or whatever the legal terms may be.

    So distributing under that license should protect you.

    Regrettably, I don't know how well the GPL stands in court. AFAIK there is no court ruling about this aspect of the GPL, so it's not 'tested' yet. But, it's clearly written by lawyers.

    "We are not alone"(FZ)

      Read the GPL carefully. In addition to the one in it, you are supposed to put in another disclaimer of warranty. IANAL, but I suspect that if you didn't someone could come up to you and say, Well by section 5 I decided that I didn't want to accept your stupid terms, including your lousy disclaimer, and so I am suing you within an inch of your miserable existence!

      I don't know whether this was possible, but the FSF certainly thought there was some issue or they wouldn't have put in those instructions...

      It just occurred to me that the GPL probably isn't an option in my particular scenario because of its lack of compatibility (to my understanding, but I may be wrong) with Python's license. Darn...

      Update: Actually, after having read this, Python code seems to be GPL-able in 2.1...but the web host uses v1.5.2...doh, I lose again. :)

        Why would the license of your code be restricted by the license of the interpreter/compiler? Can't you GPL your code, even though the interpreter isn't GPL?
Re: Licensing for Safety
by mrmick (Curate) on Apr 24, 2001 at 18:23 UTC
    I really don't have any advice on this one but I think this is one of those really hot questions with answers that could possibly benefit us all.

    I would really like to see some enlightened comments from those who have been through this sort of thing (disclaimer of liability) and how it was handled.

    ++mothra for asking this question.

