zlacker

[return to "Open source liability is coming"]
1. sevagh+F6 2023-12-29 18:40:30
>>daniel+(OP)
I find this article and the reactions here confusing. This seems to me like unequivocally a good thing for open-source devs.

Making commercial vendors who rely on open-source software liable for bugs is fantastic news; that's how it always should have been. You can't have a commercial company throw their hands up and say "well, github.com/cutefuzzypuppy is at fault for writing an open-source npm package we used, so harm to our customers is not our fault!"

2. omnico+98 2023-12-29 18:46:10
>>sevagh+F6
The article is misleading unless you read the whole thing, and the reactions are the standard knee-jerk ones from HN users who didn't need to read past "EU" to assume the worst possible misinterpretation.

3. sevagh+J9 2023-12-29 18:53:00
>>omnico+98
Yes, the author of the article is all over the place.

>But what if you’re just part of a collaborative open source project, give away your app, or if there’s open source code in the product you put on the market? Who gets blamed when open source might be the heart of the problem?

Every other sentence is dripping in "sympathy for open-source creators", but buried in the subtext is "sympathy for the innocent commercial vendors who decided to rely on open-source projects."

>So, how is open-source software implicated? If a commercial software product causes harm, whoever put the software on the market will soon be strictly liable.

Good!

>You will need to prove that your code wasn’t to blame to escape the costs. But what if you’ve embedded open-source code, used open-source tools, or called open-source APIs? Under the pending rules, you’d be liable for any errors in those sources as well, regardless of whether you directly contributed or not.

Better! Now a big evil company _can't_ pass the buck to the unpaid hobby project creator!

4. curt15+3k 2023-12-29 19:50:09
>>sevagh+J9
So can we expect popular yet understaffed open source software -- like OpenSSL -- to get a lot of paid code review or patches?
5. mistri+AB 2023-12-29 21:36:48
>>curt15+3k
Expect new, certified companies, with security and finance, to become the officially required caretakers, along with many fees; expect new monetized systems to distribute security patches passed through new bureaucracies, with logging of the government ID of all recipients; expect the restriction of new security patches to authorized users only.