I might have what many could call a utopic view of what Open Source is. Ever since I began teaching myself programming, I viewed Open Source as an Oasis of some sort: As a way to make programming knowledge and tools more accessible to everyone; to help push our craft to new heights for everyone while giving a higher floor rather than a higher ceiling and helping put everyone on an equal footing.
A tool for vulgarization is what I though it was.
To me the part THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND of the MIT License always meant "I have no warranty this will work or that you won't fuck your stuff up by using it wrongly". It never meant "yolo, I do what I want, deal with it or not, lemme add malware real quick and you can do nothing about it".
Looking at OS licenses, none provide liability. I don't ask for full liability like "it's your fault it doesn't suit my project and I deleted important files accidentally" but more in a responsibility aspect like what the Programmer's Oath proposes. If anyone knows a license that's the MIT's equivalent but with that in mind, I would be more than glad to migrate all my projects to that license.
I don't ask for every open source developers to devote their lives to maintenance for free. All I'm asking is for people to stop acting erratically.
Ultimately it's my fault. My fault for thinking once again that human beings could be genuinely good towards each other. My fault for thinking human beings were capable of anything but malevolence. My fault for supposing that everyone in the Open Source community were Scientists that would operate with everyone's best interests at heart. My fault for thinking that human being could be anything but fundamentally self-centered.
Quite ironically I enjoy the principle of Individualism as: treat humanity as separate individuals that happen to join as groups, and not as a group of individuals (i.e. n x 1 vs 1 x n). But to me it was never about "be self-centered and selfish and let everyone else do the same". It's more like "treat each individual right, and the entire group will be treated right" instead of "try to treat the majority right".
Me being disappointed would be quite an understatement. It's hard enough to try and treat everyone decently, it's even harder when everyone acts the exact opposite way towards you.
The "yolo I do whatever the fuck I do" mentality is not a very fitting one. It's not anger I feel, it's disappointment and disgust.
Whatever opinion you have on the subject, opposite or not, contrasting or not, I'd be happy to hear and bounce off of.
EDIT (2022/07/31): I recommend the No Malevolence extended MIT License
Top comments (4)
Imagine you see a homeless beggar on the street asking you for money. You feel sorry for the guy and give him 20 dollars such that he can buy food. He buys crack for your money and ODs, for then to sue you for a million dollars for "having facilitated for his drug abuse". The purpose of the MIT license is to avoid such scenarios, nothing more, nothing less ...
Personally I create open source for altruistic reasons. Sure it might not be the reason why I can create open source, but it's definitely the reason why I want to create open source. If somebody downloads my code for free and use it, for then to sue me over some detail in it, I would become "moderately angry" (understatement of the year) - Therefor we use such license terms as the MIT license to avoid such problems ...
As to a "hippocratic oath" for software developers, particularly open source software, that is 100% redundant since people can check out the code and verify themselves that it's good (or bad) - Which is kind of a lot of the purpose with FOSS. If somebody creates "bad code" I simply won't use it ...
As I stated, I'm not asking for full-on 100% liability. I'm just looking for solutions to have more responsibility over what I deliver, to spare my users from "I'm gonna fuck your shit up knowingly and intentionally, just because I feel like it" (which can be trivially done by updating the minor version of a previously trusted source, have someone make a fresh install and/or update according to semver and watch the world crumble to dust). Basically an MIT License with the added promise that I won't screw users over with malicious intent, and if I do so then I should definitely face the adequate consequences.
As for an Oath, it's aimed to be more generic than just OSS or even Software Developers. Feels weird to only have Physicians solemnly swear that they'll follow a specific set of principles when they could damn well be applied to each and every scientific field.
Well, I guess your suggestion has become increasingly important lately, seeing some people having conspicuously sabotaged their own packages lately (non mentioned, none forgotten) - If you deal with a company though delivering open source, such as us I guess it becomes at the very least "less likely" due to the monetary needs required to actually run a company, creating slightly higher amounts of responsibility ... :/
I'm thinking about it, so I started working on this proposal: dev.to/rmlira_/dependency-guards-jb5
Trust based solely on license or semver claims can be tricky. I think that the opensource ecosystem itself can create the appropriate mechanisms to give us security to a certain level, but of course it requires a lot of work.
I'll be happy to have your feedback too. Thank you for your time.