Comments on: Computer security and liability—my thoughts http://therning.org/magnus/archives/325 Incoherent mumblings Fri, 05 Dec 2008 10:14:18 +0000 http://wordpress.org/?v=2.6.3 By: Simon Farnsworth http://therning.org/magnus/archives/325#comment-84382 Simon Farnsworth Mon, 29 Oct 2007 09:33:18 +0000 http://therning.org/magnus/archives/325#comment-84382 <p>I'd go slightly further than you, and require that sellers either accept liability for faults in their product, or grant buyers all but one of the <a href="http://www.fsf.org/licensing/essays/free-sw.html" rel="nofollow">FSF's four freedoms.</a></p> <p>In particular, I would require that sellers wishing to disclaim liability grant freedoms 0, 1 and 3, where the only way to exercise freedom 3 is to provide patches against the vendor source.</p> <p>Thus, I can examine the source for vulnerabilities; I can fix them for myself (and run the fixed version); finally, I can publish my fixes for the benefit of other customers, or I can offer to sell my fixes to the vendor and other customers.</p> I’d go slightly further than you, and require that sellers either accept liability for faults in their product, or grant buyers all but one of the FSF’s four freedoms.

In particular, I would require that sellers wishing to disclaim liability grant freedoms 0, 1 and 3, where the only way to exercise freedom 3 is to provide patches against the vendor source.

Thus, I can examine the source for vulnerabilities; I can fix them for myself (and run the fixed version); finally, I can publish my fixes for the benefit of other customers, or I can offer to sell my fixes to the vendor and other customers.

]]>