using the PSF license for one's code

Terry Hancock hancock at anansispaceworks.com
Fri Nov 8 23:49:55 EST 2002 

Donnal Walter wrote:
> program. Of course it would be difficult to market a spreadsheet, and
> I have had no desire to consider it. I also have no desire to release
> it as open source, as long as it is in the form of a spreadsheet. But
> my point is simply that this is the kind of application that cries out
> for *some kind* of open source distribution. On the other hand, most
> of the applications we have in mind have more to do with organizing
> information than with performing calculations.

Yep: "high use-value, low-sale-value" fits Eric Raymond's analysis anyway.

> Incidentally, there is (now) a commercial product available to do this
> task, and it carries a disclaimer that the user is responsible for
> verifying the accuracy of output. Of course, the source code is not
> available for us to look at.

I like the idea that *full-disclosure* should be a defense against
liability claims.  Because it seems fair to me that if I can find out
fully how something works, it's reasonable for me to take
responsibility for it.

I think the thing to realize about open-source versus closed-source
for reliability is that using closed source may reduce your responsibility
-- i.e. you can pass the blame onto the source of the software more
easily if it fails and kills somebody.  But it doesn't do anything to
reduce the actual chance of it killing somebody. In fact, the "fewer
eyeballs" effect -- an indirect, but definite correlation to being closed-
source -- probably *increases* the actual risk.

Or to put it another way -- no amount of life insurance will save your
life. Wear a seatbelt instead.

For people who *really* care about safety (as opposed to liability), 
open-source is usually going to be a good choice.  That's because
there's just no practical way to get so many people to check closed-
source code.  I'd like to think that when the stakes are life and limb,
that people *are* more concerned about safety than liability.

I think this is the reasoning behind the military and data security
folks who argue for using open-source code. Certainly it was not
an obvious result. I think it started because a lot of users had a
feeling that open-source code was more reliable without actually
knowing why. Then I remember there were some articles talking
about proving it by running the Gnu utilities and the control
group of commercial Unix utilities against random data and counting
the crashes. It was only after that that I started seeing arguments
for *why* this should be so. (IIRC -- other people may remember
this differently, I certainly don't have references). 

It was certainly a revelation for me -- I guess I'm a "free-software 
convert".

> David Brown:
>> Have you considered whether Python is really a suitable
>> language for this job?  It is probably ideal for your first
>> project, but not necessarily for the second one.  Python
>> makes it easy to write great software, but it also makes it
>> easy to make mistakes which can only be found at run-time.

Really, though, the software should be extensively tested at the
run-time level, anyway.   Also, the real question is "what happens
if it does break?".  In this case, it sounds like a pharmacist checks
it anyway. If it's too far out of bounds (i.e. deadly), they're going
to catch it right-away (humans are good at that). If it's subtly
wrong, it probably won't kill anybody -- medicine isn't *that*
precise.  I remember being somewhat shocked at how imprecisely
pharmaceutical units are defined or measured (how big is a "drop"?).

And as the OP points out, the accuracy ratio is better compared
to hand-calculation anyway, so while some hypothetical ADA-based
solution might be even more reliable, it seems like the problem
is getting solved.

Cheers,
Terry



-- 
Anansi Spaceworks
http://www.anansispaceworks.com

More information about the Python-list mailing list