hypeatei 14 hours ago

> Hobby projects that prove useful have a tendency of starting to be used in production code

Even if that is true, how is that the author's problem? The license clearly states that they're not responsible for damages. If you were developing such a serious project then you need the appropriate vetting process and/or support contracts for your dependencies.

layer8 14 hours ago | parent [-]

I didn’t say it’s the author’s problem. It’s a problem with the code.

ethanwillis 12 hours ago | parent [-]

Why play all these semantic games? You're saying it's the author's problem. You want them to even edit their readme to include warnings for would-be production/business users who don't want to pay for it.

layer8 9 hours ago | parent | next [-]

GP is arguing about licences. Yes, formally there is no obligation, and I'm not saying the author has any such obligation.

In the present case, either the missing overflow check in the code is by mistake, and then it's warranted to point out the error, or, as I understood GGGP to be arguing, the author deliberately decided to neglect safety or correctness, and then in my opinion you can't reject the criticism as unwarranted if the project's presentation isn't explicit about that.

I'm not making anything the author's problem here. Rather, I'm defending my criticism of the code, and am giving arguments as to why it is generally good form to make it explicit if a project doesn't care about the code being safe and correct.

president_zippy 6 hours ago | parent | prev [-]

[flagged]

lixtra 4 hours ago | parent [-]

Layer8 DID the thing though, skimmed through the code and thought about security issues.