From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: GOOD: A legal fix for software flaws?

In some mail from Valdis.Kletnieks@...edu, sie said:
> 
> There's just one little problem with your logic:
> 
> Unless the law specifically prohibits disclaimer of liability, there's nothing
> illegal about a clause that does so.  And in the best "be careful what you wish
> for, as you may get it", you might want to go back and re-read clause 11 and 12
> of the GPL, Version 2, and ask yourself if *ANY* GPL'ed software would get
> released if that clause was illegal.  If it was in fact illegal to disclaim
> liability, clause 7 would totally prohibit you from distributing it *AT ALL*.
> 
> Then there's the issue of mom-n-pop software shops and small consulting
> firms - they can't hide behind a "we're giving it away for free" clause in the
> hypothetical law, but they'd be insane to stay in business without software
> liability insurance.   How many insurance companies are offering *THAT*
> at rates a 2-5 person consulting firm can afford?

I, for one, would not cry if the law made it impossible to sell or
provide GPL'd software to people because it could not be provided
with a disclaimer.

Sooner or later the software industry needs to grow up and take
responsibility for the crap that it unloads onto the world,
pretending it to be a product worth using.  GPL software especially.

The real problem is nobody thinks they need to pay for software.

If you could buy a version of Windows for $20000 that had no security
holes and was well enough designed that you didn't need a new copy for
10 years or so, no hotfixes or security patches required, would you
pay that much money for it?  Let's assume, for the sake of the
question that the software in question was, in fact, that good.
I wonder, would anyone?  Personally, I doubt it, outside of Government
and business, that is.

Darren

