[return to "Open source liability is coming"]
1. theLim+45 2023-12-29 18:31:53
>>daniel+(OP)
This is ridiculous, all blame/liability should lie with either the provider of commercial software who chooses to rely on open source software or the end user for relying on free/open source software.

I personally will not allow people in the EU to use any software I write going forward, I imagine other open source developers will take these steps as well.

2. within+P5 2023-12-29 18:35:59
>>theLim+45
This seems a bit extreme, it isn't even a law yet (or anywhere close).

That being said, if you don't audit your open source libraries, you should be held liable. I've seen open source encryption libraries do some really dumb things that I wouldn't touch with a ten-foot pole. Yet they are some of the more popular ones.

3. anonzz+z7 2023-12-29 18:43:50
>>within+P5
People are just npm installing whatever without even checking the GitHub stars or usage; not that that says anything, but not even that. As a bare minimum, devs should check if their libraries have robust testing, are maintained by people who have the time to do so, etc. A lot of open source libraries are really bad and if you are building commercial (packaged / SaaS, doesn't matter) software on top of that, you definitely should be held liable if that causes harm. This lazy behaviour should end as it indeed does cause horrible messes.

This over-the-top article is, I guess, pointing to open source software that's used by an individual directly from the source as an end user and then causes harm, not to parts of commercial software that includes open source software when they talk about holding open source devs liable.
