Software agreement/consequential liability

[Andrew Stephens]

Hi

My team has been using Inno Setup for several years now, on a dozen or so products, but our IT overlords have embarked on a review of all software across the organisation (we're part of a large US-owned multinational) with a view to banning anything that isn't "compliant", and unfortunately Inno Setup is one such product in their sights. This is an extract from their email:

This software appears to be “source available” rather than “open source” – both are free; however the “source available” software is not governed by a recognized open-source license agreement.  The license agreement of this application is very limited and does not meet any of our requirements for a software agreement, the most significant of which is to provide a cap on consequential damages. The other items that we look for in a license agreement are:-

• An indemnification by the vendor against third-party claims for intellectual property infringement
• The agreement should be signed by both parties
• The agreement should be governed by English Law
• The agreement should state that it cannot be changed unless via written instrument signed by both parties
• There’s no language to state how to terminate the agreement

 Your options at this point are:- 

• Ask the vendor/author if they will amend their license agreement to be compatible with our requirements.  Unlikely as there is more that one copyright holder and the software is zero cost.
• If the software is critical for use in your organisation ask for approval via your BU and Divisional management to compliant with the DLA.
• Seek commercial or open source software with a license agreement that is acceptable.

We've been warned that the chances of getting an exception/approval to use Inno Setup is unlikely, and I obviously don't want to have to ditch the software. Any thoughts regarding your license? I appreciate that it's an emotive subject with it being a free product.

Regards

Andy

[Eivind Bakkestuen]

It might help if you would outline what type of ready-made open source licenses your company *does* approve, thus making the author's research and reply more targeted.

I'm curious how this would happen:

"The agreement should be signed by both parties"

Are you seeking explicit agreements with every individual software vendor you are using?

--
You received this message because you are subscribed to the Google Groups "innosetup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to innosetup+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/8a6e0931-0d0f-4d8a-8f6c-2661029617e3n%40googlegroups.com.

[Andrew Stephens]

I believe the first bullet list covers their concerns, with the main issue being that the license makes no mention of a "cap on consequential damages" (whatever that means). I've also been told separately that they are concerned about JR Software being a one (two!) man band, and the risks that go with this (i.e. what happens when the authors retire/die). Crazy I know, but as the saying goes: don't shoot me, I'm just the messenger. The company I work for is in the UK and one of 60+ companies in this worldwide corp. I have no direct contact with the corporate IT or legal departments in the US, who have instigated all this, and am being kept informed via our on-site IT guy, who in turn gets his information from the UK IT unit. The joys of working for a multinational...

I can't comment on your questions around how things would happen. Perhaps the part about the agreement being signed by both parties is just legal-speak? If this was to happen then in some ways that might provide a means for JR Software to "tailor" a license for us, but like you said, it would surprise me if their plan is to do this with every individual software vendor (and I personally think they have made their minds up already about Inno Setup).

As I write this, corporate IT have now said they are happy for us to continue using Inno Setup for 1 year, which I've interpreted as "we want you to migrate to a commercial product before then". We're still waiting on a decision from corporate legal who might overrule this decision (worst case scenario being that we are told to stop using Inno Setup immediately). 

[Bill Stewart]

On Tuesday, March 26, 2024 at 7:50:24 AM UTC-6 Andrew Stephens wrote:

I believe the first bullet list covers their concerns, with the main issue being that the license makes no mention of a "cap on consequential damages" (whatever that means).

IANAL, but it seems to be the stipulations they are trying to enforce would be very problematic in regards to any source-available software of any kind.

The license agreement for Inno Setup is here:

https://jrsoftware.org/files/is/license.txt

Bill

[Eivind Bakkestuen]

My guess, somebody has a grudge against "source available" or "open source" in general.

Given no suggestions are forthcoming regarding any possible common open source licenses that would be appropriate to adopt, I'd say the request is set up for failure.

--

You received this message because you are subscribed to the Google Groups "innosetup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to innosetup+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/ab18696a-643a-4bfd-9d00-c9bf6ff37400n%40googlegroups.com.

[Martijn Laan]

This software appears to be “source available” rather than “open source”

Inno Setup's license is basically the same as the zlib/libpng license which is approved by the Free Software Foundation and the Open Source Initiative as free software and open source respectively.

Greetings,

Martijn

[Desmond Aubery]

All this for free, tried and tested software? In other words a labour of love and greatly-appreciated service to the greater software industry.

Tell your overlords that they are ungrateful wretches. Shame on them. 

BR/DA

--

You received this message because you are subscribed to the Google Groups "innosetup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to innosetup+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/8a6e0931-0d0f-4d8a-8f6c-2661029617e3n%40googlegroups.com.

[Martin Ba]

FWIW, and I agree that these situations are extremely frustrating, I suggest the following as a last resort (I know central IT might not care, but the management chain will):

* Find another (commercial) product that somehow ticks your boxes. (No need to go overboard with this; just rough estimate.)

* Check it's costs for your use case. (be generous here)

* Estimate how much work a complete re-write of your installers would be. (e.g. here, I guess, this would amount to months rather than weeks)

Clearly communicate the costs that removing Inno would incur.

Then it is up to the company to decide what it wants.

Of course, the much better option would be to get someone to actually read the https://jrsoftware.org/files/is/license.txt and recognize it for the Open Source license that it is. :-)