zlacker

[parent] [thread] 5 comments
1. within+(OP)[view] [source] 2023-12-29 18:35:59
This seems a bit extreme, it isn't even a law yet (or anywhere close).

That being said, if you don't audit your open source libraries, you should be held liable. I've seen open source encryption libraries do some really dumb things that I wouldn't touch with a ten foot pole. Yet they are some of the more popular ones.

replies(2): >>Rambli+I >>anonzz+K1
2. Rambli+I[view] [source] 2023-12-29 18:39:34
>>within+(OP)
Why should I be held accountable if you just run some code you found on GitHub? Am I reliable when I sell hammers and you bash your face in?

/e: let me clarify, I agree with the three comments under me. You, the commercial entity using my code, is accountable. I am not liable if you as a private person run my shitty code. I was thinking of private persons and being on the hook for my GitHub repos.

replies(3): >>sevagh+21 >>within+o1 >>jacobl+92
◧◩
3. sevagh+21[view] [source] [discussion] 2023-12-29 18:41:23
>>Rambli+I
No no, you should be held accountable if _you_ run some code you found on GitHub in your product that I pay you for.
◧◩
4. within+o1[view] [source] [discussion] 2023-12-29 18:42:39
>>Rambli+I
I don't think it's like that.
5. anonzz+K1[view] [source] 2023-12-29 18:43:50
>>within+(OP)
People are just npm installing whatever without even checking the github stars or usage; not that that says anything but not even that. As a bare minimum devs should check if their libraries have robust testing, are maintained by people who have the time to do so etc. A lot of open source libraries are really bad and if you are building commercial (packaged / saas, doesn't matter) software on top of that, you definitely should be held liable if that causes harm. This lazy behaviour should end as it indeed does cause horrible messes.

This over the top article is, I guess, pointing to open source software that's used by an individual directly from the source as an enduser and then causes harm, not to parts of commercial software that includes open source software when they talk about holding open source devs liable.

◧◩
6. jacobl+92[view] [source] [discussion] 2023-12-29 18:45:31
>>Rambli+I
I think you might be misreading it. The person who ships the product commercially is liable. If you sell them your code, you'd be liable but if they just use your open source code, they are liable for any potential issues in their program caused by your code (instead of you being liable).

Basically they can't just brush off responsibility for using FOSS code by saying "well I didn't write it, it's not my fault" unless you as the FOSS developer are selling them a support contract for any potential issues in your code.

[go to top]