Does masquerading conflict with artistic control?

Potentially, yes, though once they've given their complete source
code to Larry/TPF under the Artistic License we can publicly reveal
exactly what they've done. No one would choose to install such code
once they're aware of what it's doing.

If someone were maliciously installing hacked versions of Perl on
people's machines against their will, that would fall into a
completely different legal category, and isn't something for a
license to address.

Other legal tools are helpful too, such as the Perl trademark to
identify versions of Perl that are sufficiently Perl-ish. (This one
definitely would not be.)

If you include every possible warranty disclaimer, it could run for
several pages. You have to draw the line somewhere, and this one fell
on the "unlikely to apply" side.

Allison

For the subset of people paying attention, I agree. For the cases where
it's buried in a larger installation, or the user's consent to the
installation is questionable (e.g. adware), perhaps not. I was thinking
that there's often enough weasel room in "user consent", "permitted access"
and the like to give the Black Hats cover; it'd be nice to have a licensing
hook to deny them use of your tool for evil purposes. Possibly too
proactive, but para 13 got me to thinking about the possible role of a
license in promoting the author's notion of good social behavior.

If someone were maliciously installing hacked versions of Perl on

IANAL, but I don't think this is necessarily true. If you click 'OK' when
the Sony DRM installer asks, the fact that it sneaks in a buggy rootkit
doesn't put it into a different legal category than if it installed a
well-designed userspace agent. (Well, there's the negligence issue, but I'm
not sure to what standard the author is held, especially with the typical
disclaimers of warranty.)

These things said, I really don't want to make a big issue of this. I'd
wondered whether there was some utility to building into the license some
notion that the Package's author had some say over what other works could
represent themselves as the Package. The current effect of the AL is that
the author has no say. That's a defensible point, and maybe even a basic
tenet of "free" software. Just musing . . .


Er, I got sort of lost here. Since the AL explicitly grants anyone the
right to distribute the Package, as long as they say they're doing it, and
implicitly (by making 4(b) one of several options) grants the right to
represent whatever you distribute as the Package, I'm not sure how trademark
helps you. At one level, can you grant someone the right to distribute the
Package named Perl but deny them the right to refer to it as Perl? (Yes,
this depends on how they refer to it: information is different from
advertising, for instance.) At another level, I doubt trademark use impacts
much on what happens when you type C<perl> on the command line.


I got lost here too. My only point was that the warranty the AL presumably
meant to disclaim was an "expressed" warranty (i.e. one stated), rather than
an "express" warranty (i.e. a quick one). The error is so common, though,
that I expect "express warranty" is now considered as a term of art
identical in meaning to "expressed warranty". Again, a trivium.

To the extent that this is useful discussion, thanks for replying. To the
extent that it's soaking up time revisiting settled issues, feel free to
devnull it.

I meant different in the sense that malicious hacking is criminal
behavior even ignoring any question of license, and it's more
appropriate to deal with the problem there. (The Sony DRM installer
is yet another different case.)


Another good place to deal with the problem is through trust
relationships. Sites like SourceForge are useful because they collect
a bunch of software together, but they're also useful because you can
see other users' comments on the software, and because SF has a
policy of removing malicious software.
Think of it like the Apple logo on the back of an iPod. It's a sign
of a reliable source. If someone shipped something that looks like an
iPod without the logo, you'd know it wasn't really an iPod, and you
wouldn't trust it as much. If someone put the logo on cheap knock-
offs without Apple's permission (pretending to be the real thing),
Apple can make them stop. Apple doesn't have the right to prevent
people from making small, rectangular, white MP3 players, but the
trademark gives them a tool to help keep their users from getting
tricked by fakes.
Ah, right, then I misunderstood the comment. Actually, "express" as
an adjective means "stated" too. As in "express wish" or "express
purpose". Not common in modern colloquial usage, but legal language
tends to hang on to older meanings longer. (The etymology of
"express" is fascinating, and hinges around people thinking "express
train" meant it was fast, when it really meant the train was
dedicated to a special purpose. Eventually "fast" became the primary
meaning.)

Allison

What you say makes complete sense. I think we're just working through
slightly different scenarios. I expect that the "informed consumer"
will use cues like this, and potentially more direct links like a GPG
signature on the distribution by a TPF source, to obtain a "trusted"
distribution.

I'm more conceerned about the less knowldgeable or less-well-versed
consumer who decides to install a modfiied package (say, "HyperPerl"
or "Perl++" or "SuperTrafficAnalyzer with Perl!") without realizing
its adverse effects, or even fuzzier situations such as "You clicked
on the attachment to my email advertisement; that consititued
permission for me to replace your Perl with my modified version" or
the the botherder's "Of course the owners of all my machines
consented." This is undoubtedly a fuzzy question, and I'm not sure
what role an open source license has in trying to make dubious (but
not necessarily per se illegal) tactics like this more difficult. It
does seem to me that the potential reputational damage to Perl in
these hypothetical scenarios is appreciable ("Perl-driven worm
propagates rapidly", "Adware distributor claims he only making
legitimate use of licensed software"). Whether the package author
would want to have an enforceable way to interfere with use of the
package in such schemes (and possibly put up with "Artistic License
not free" criticisms along the way) isn't entirely clear, though. It
would probably have little impact among savvy readers, who are likely
to know already that the package author doesn't condone the use in
question. I'm not sure how much practical impact it'd have, or how
much it'd convince a less well informed or less invested audience, who
may focus only on results.
Interesting. I hadn't thought of that as a current usage, but I see
citations in the OED into the 19th century at least, and that doesn't
include legal usage. I type corrected. Serves me right for letting
my prescriptivist streak sneak out in public. That leaves just the
matter of euphony, on which I should be content that the Elizabethans
didn't leave us with something like "expresse and implie" as the
common usage (probably not much risk, since the ppt. of "imply" hung
on enough to give us "implicated" and friends, and "implicat[e]"
doesn't roll off the tongue like "expresse").