"What it means is that there is no supply chain here. Because there is no supplier. I am not providing you something that you bought from me. There is no relationship. I put something online because I wanted to. The fact you made your product depend on it is your responsibility. Not mine. Not the one of the providers. We provide libraries. We do not supply them. You cannot apply rules to me. […] So all your Software Supply Chain ideas? You are not buying from a supplier, you are a raccoon digging through dumpsters for free code. So I would advise you to put these rules in the same dumpster."

🔥🔥🔥

https://www.softwaremaxims.com/blog/not-a-supplier

#xz

I am not a supplier

For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in the past few years. The problem of all the work in this domain is that it forgets a fundamental point.


@SebinNyshkim

I can GUARANTEE you that there is "commercially supplied SW" where you PAY for that if you read CAREFULLY the too-big-to-be-read EULA somewhere says something like "by installing this SW you accept all responsibility, we won't be responsible if you'll lose everything and/or your PC will go on fire, we never said this SW has any particular purpose or use and we never actually said it should be installed anywhere" it's all very well studied so you can't claim anything

@SebinNyshkim very true. Too many "programmers" are copy & paste kids who piggyback on the work of other developers without giving anything back. So no surprise we have so many issues in today's software. And AI will make it 10x worse because now it's a super dumb computer doing copy & paste. Disaster is preprogrammed.

@SebinNyshkim There IS a supply chain. But the link in the chain is not the person who put the software online, it's the person you pay to provide you with support for it.

And if you don't pay someone to support it? THEN there is no supply chain.

But the absence of chain is (as you were saying, of course) entirely the fault of the consumer of the software.

@SebinNyshkim (And yes, I realise I'm not really saying anything the article doesn't say.)

@SebinNyshkim I prefer the term "dealer" anyway :D