"What it means is that there is no supply chain here. Because there is no supplier. I am not providing you something that you bought from me. There is no relationship. I put something online because I wanted to. The fact you made your product depend on it is your responsibility. Not mine. Not the one of the providers. We provide libraries. We do not supply them. You cannot apply rules to me. […] So all your Software Supply Chain ideas? You are not buying from a supplier, you are a raccoon digging through dumpsters for free code. So I would advise you to put these rules in the same dumpster."

🔥🔥🔥

https://www.softwaremaxims.com/blog/not-a-supplier

#xz

I am not a supplier

For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in the past few years. The problem of all the work in this domain is that it forgets a fundamental point.

Musings about software

@SebinNyshkim

I can GUARANTEE you that there is "commercially supplied SW" where you PAY for that if you read CAREFULLY the too-big-to-be-read EULA somewhere says something like "by installing this SW you accept all responsibility, we won't be responsible if you lose everything and/or your PC goes on fire, we never said this SW has any particular purpose or use and we never actually said it should be installed anywhere" it's all very well studied so you can't claim anything 😏