skeeter2020 a day ago
that clause - even in all caps - doesn't absolve them like you think it does. A quick example: if credentials were compromised and malware pushed, and it was determined to be due to reasonably preventable negligence, an author could be held responsible.
trollbridge 2 minutes ago
No, they wouldn't be "held responsible". There is a great deal of insecure code out there and I have yet to see some open-source author found liable for that.
ahtihn a day ago
Are companies that are compromised by supply chain attacks held responsible for their negligent behavior? Blindly pulling updates from providers that offer you no contractual guarantees has to be gross negligence, right?
well_ackshually a day ago
No. Because the only reason you then get hit by this new version with malware is either that you're not pinning your versions (and that's irresponsible), or you're blindly bumping (and that's irresponsible). The software is provided as is.
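The comment above rests on "pin your versions". As an added example (not code from the thread or from any commenter), here is a small audit script that classifies each line of a pip-style requirements file as an exact pin with a hash, an exact pin without a hash, or a floating specifier that would pull whatever upstream publishes next. It assumes pip's requirements.txt syntax (PEP 508 specifiers plus pip's `--hash=` option); the sample file and the hash value in it are constructed placeholders.

```python
"""Added example: flag dependency declarations that would silently pull a
new upstream release. Assumes pip requirements.txt syntax; the sample
content below is constructed, not taken from any real project."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample requirements file (the sha256 value is a placeholder).
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real lockfile
requests==2.31.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
urllib3>=1.26
pyyaml~=6.0
certifi
cryptography==41.0.7
"""


@dataclass
class Finding:
    name: str
    status: str  # "pinned+hash", "pinned", or "floating"
    line: str


# Package name, optional extras like [socks], then the rest of the line.
_SPEC_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")


def classify_line(line: str) -> Optional[Finding]:
    """Classify one requirements line; returns None for comments/options."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#") or stripped.startswith("-"):
        return None
    m = _SPEC_RE.match(stripped)
    if not m:
        return None
    name, _extras, rest = m.groups()
    # pip per-requirement options (e.g. --hash) follow the specifier.
    parts = rest.split()
    spec = parts[0] if parts and not parts[0].startswith("--") else ""
    has_hash = any(p.startswith("--hash=") for p in parts)
    # Only '==' with one concrete version (no wildcard, no ranges) is exact.
    exact = spec.startswith("==") and not spec.endswith(".*") and "," not in spec
    if exact and has_hash:
        status = "pinned+hash"
    elif exact:
        status = "pinned"
    else:
        status = "floating"
    return Finding(name.lower(), status, stripped)


def audit(text: str) -> List[Finding]:
    """Classify every requirement in the file."""
    return [f for f in (classify_line(l) for l in text.splitlines()) if f]


def floating_deps(text: str) -> List[str]:
    """Names that will resolve to a newer release on the next install."""
    return [f.name for f in audit(text) if f.status == "floating"]


if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS):
        print(f"{f.status:12} {f.name:14} {f.line}")
```

Only the `pinned+hash` case stops a substituted artifact for an already-published version number; a bare `==` pin still trusts the index to hand back the same bytes.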
cuu508 a day ago
Does this really happen? Can you provide concrete examples?