zlacker

Comments on "Debian Statement on the Cyber Resilience Act"
1. pjmlp+Cm 2023-12-28 00:03:03
>>diyftw+(OP)
Small businesses and solo-entrepreneurs have to deal with liability and permits all the time in other fields, even actual street bazaars for that matter, exception being when there is some "flexibility" between the laws and how they happen to be applied.
2. SOLAR_+Jn 2023-12-28 00:14:51
>>pjmlp+Cm
I’m curious what the liability and permits being discussed are here. Because the permit required to prevent some Joe Schmoe from selling me a tainted brownie off a street cart feels a little bit different and perhaps difficult to compare to software.
3. zmgsab+jp 2023-12-28 00:32:03
>>SOLAR_+Jn
What’s different between a baker liable for flour content and an SDE liable for packaged library vulnerabilities?
4. giantg+1q 2023-12-28 00:38:10
>>zmgsab+jp
Standardized food safety practices, pre-approved and comparatively trivial recipes, state/county inspections, etc. None of which apply to software. One is fairly trivial and standardized. The other is massively complex, rapidly changing, and unable to be boiled down to a standard set of trivial procedures.

And to answer your question more directly, the flour itself causes the damage. The vulnerability is only damaging if a malicious actor takes advantage of it.

5. beedee+It 2023-12-28 01:14:01
>>giantg+1q
> Standardized food safety practices

Food safety practices only became standardized after regulation was enacted.

> pre-approved and comparatively trivial recipes

That sounds like most software development.

I think you are unwittingly making the case that software development is a lot like food production. Software development is only beginning to get regulated because it is only now reaching the level where it is hazardous to public safety, unlike food production which reached that a long time ago.

6. erik_s+HA 2023-12-28 02:25:32
>>beedee+It
Knuth’s code has bugs. NASA’s code has bugs. I would like to think that someday our profession might be able to achieve high enough quality to survive with liability, but today nobody is close to that at all.
7. gavinh+BJ 2023-12-28 03:52:33
>>erik_s+HA
I think that liability shouldn't require perfection, just close enough, as long as the criteria are objective.

I personally think that any criteria that SQLite and Curl can't pass is too strict.

8. erik_s+el1 2023-12-28 10:56:33
>>gavinh+BJ
The AMA doesn’t require perfection, yet a doctor has to pay six-figure liability insurance premiums for the risk of harming a small fraction of his patients. I don’t have faith that this would be run more practically.
9. gavinh+yl2 2023-12-28 17:40:52
>>erik_s+el1
We have that problem in the medical world, but for some reason, we don't have it in the engineering world.

Why? I don't know. Is the medical world just messed up? Or is there something wrong with licensure?

10. erik_s+Gc3 2023-12-28 22:07:19
>>gavinh+yl2
I think it’s because civil and mechanical engineering weren’t invented from scratch in living memory. We already have some safe, conservative materials and designs for them to reuse.

Our profession is still in a very early stage, sort of like the era of barbers performing surgery.