On Sat, 17 Jan 2004 21:02:16 +0100, jan.muenther@nruns.com said: > I'd love to see liability laws applied. I can't think of anything that would stop Open Source in its tracks faster. What would have been the last Apache release before they gave up, if they had been open to lawsuits for each security hole? When would Linus have thrown in the towel? Probably LONG before OSDL stepped in. It sucks to be a college student with a lawsuit. How many other open source projects would just pack up and leave if they had to worry about lawsuits? Remember - it's not just security, it's reliability. Would the mySQL guys have done it if they had to worry about a lawsuit every time mySQL crashed and corrupted a database? Would Larry Wall have done Perl if he had to worry about a lawsuit when some Perl bug hosed up a CGI and took out a web server? For that matter, is there *anybody* out there who'd release software if they knew they could be sued if their software crashed? Comparing liability for software to (for instance) liability for car manufacturers is a total red herring. Car design is well understood, but even more importantly, the class of hazards to design against is fairly restricted. You build a prototype, and if you beat the hell out of it for a few days at the test track, you almost certainly have almost all the oddball cases covered. Tight turn, wet pavement, something jumps in front of you, and cars will behave pretty much the same. The outcome depends only on your speed, your tires, your car's mass, and the general mass of the animal. The difference with software is that if it's an SUV, it doesn't catch fire if it's a green bear, but the back hatch pops open if it's a purple bear. But then, maybe it does - SUVs never run into green or purple bears. But software does. All the time.
Attachment:
pgp00032.pgp
Description: PGP signature