zlacker

>>> when faced with a choice between being liable for their own code or being liable for open source code, most companies will choose to write their own code.

Not even FAANG can achieve this for 1/10th of the code they rely on.

>>lifeis+(OP)
Hmm. They can probably find other companies willing to sell them support contracts, and take on that liability. Even for things that are open source. You're back to the old enterprise software model then, really, even if the code in question is "officially" open source. You won't be able to run versions that your supplier hasn't certified, and the rate of change will slow to a crawl.

>>lifeis+(OP)
A capitalistic corporation seem to be a terrible way to maintain software since the "means of production" is in the workers' heads. Especially with these new management fads punishing loyalty. The attrition just makes stuff collapse from unknown complexity.

It is not surprising that volunteer run projects kinda can keep up.

>>flir+K1
> You won't be able to run versions that your supplier hasn't certified, and the rate of change will slow to a crawl.

Interesting times indeed. Though I think open source software generally is reliable enough that companies will simply continue business as usual and take on all the liability. They have enough deep pockets to pay compensation that one time something goes wrong, or at least that's my impression.

>>flir+K1
No, they can't. Paying for all code by paying employees or paying third parties is still paying for all code. That's not feasible. The EU regulators are simply nuts.

>>crypto+Gl
The hypothetical company that warranties log4js is selling many of those contracts, but only doing the authentication work once for each release.