At 06:56 AM 8/10/99 , David Harris wrote:
>Sam [mailto:[EMAIL PROTECTED]] wrote:
> > I presume then you leave your telnet port open on your servers because,
> > after all, it is secure.
>
>I presume you never make a mistake programming.
>
>You can't have it both ways. If you place the following disclaimer on your
>SqWebMail site, please don't get ticked off when people don't want to use your
>code because it is set-uid root.
>
> "This is alpha code. It may crash. Your hard drive
> may catch fire as a result of using this CGI client.
> It may not work at all. It may work, but have a
> security hole or exploit, somewhere."
>
>...or you don't stand behind that disclaimer and have no problem being
>personally liable for any security exploits your software might have?
There's a problem with logic in there. A disclaimer is an 'official'
notification of sorts to the consumer that under no circumstances can the
author be held responsible if there are problems with the product - because
you, the consumer, have been duly warned that there may be problems. A
disclaimer is not a statement that there _are_ problems, only notification
that all eventualities cannot be anticipated - the future can't be
predicted. You'll find such disclaimers on virtually all operating systems
and software out there - simply because it is *impossible* to guarantee
that software will never break under any circumstances, including
circumstances as yet undiscovered. "Standing behind" a disclaimer is an
oxymoron of sorts - "I guarantee that I will not guarantee this software".
----------------------------------------------------------------
Paul Theodoropoulos Advanced TelCom Group Inc.
Senior Unix Systems Administrator Internet Services Division
[EMAIL PROTECTED] Santa Rosa, California, US
Work: http://www.atgi.net Play: http://www.anastrophe.com
