From: Stewart Stremler <[EMAIL PROTECTED]>
Well, with App P, there's a legally recognized entity that I can sue
if it turns out they provided me with malware; with App O, I have no
idea _who_ would be responsible, aside from myself for failing to
audit and peer review umpty-thousand lines of code.
Read the EULA. All closed source companies expressly deny all warranty,
including the warranty of merchantability (basically, the promise that they
didn't lie and it does what they told you). Sorry, no can sue.
> With the App_O you don't *need* to trust anyone - you can look at the
> source code yourself (or commission an audit). With App_P you can trust
> neither the source nor its contributors.
I can only audit the source code myself if I have tons of free time
(i.e. I'm unemployed, retired, a student, or independently wealthy); I
can only afford to commission an audit if I have considerable resources
at my disposal (e.g. I am independently wealthy again).
With App_P, I can take legal recourse against the vendor with far
fewer resources than it would take for me to commission an audit.
Have you tried to sue someone lately? I guarantee you an audit is cheaper.
In addition, if it's open source, a lot of people are using it, and some
fraction of them *will* examine the code, mainly to audit it. Any huge
problem will come out then. I trust that a lot more than I do Company Foo's
internal processes.
Gabe