I rarely subtoot, but when I do, it's just to say: if an open source project that your commercial project depends on breaks something in your software stack, causing you trouble, no matter how much, that's your problem and your problem alone.

"The software is provided as is" is a part of OSS licenses for a reason, and unless we have a contract that says otherwise, I'm not part of your bloody "supply chain".

@foosel Well, you *are* part of my supply chain. But it means that I have a risk in my supply chain (as with any supplier). A risk that I alone am taking as the license clearly states that you are (rightfully) not liable for anything.

And now the big question is: Am I willing to take that risk? And what ways do I have to mitigate the risk?

And that is usually the point where people realize that - while Open Source Software is free - it doesn't mean it comes at no cost.

@heiglandreas @foosel and in many cases the cost of that risk is still cheaper and better than many closed source commercial solutions ^^'
@jakob @foosel In case of OSS I actually can fully see the risk. In closed source I have to trust the vendor...

@jakob @foosel OTOH: In that case I have a contract and then it's no longer my problem...

(Until the legal department reads the fine print, that is...)

@heiglandreas @jakob @foosel mitigation is easy: do it like the US and write @bagder an email stating he has to sign some documents.
Or do it like it sounds here: put a lot of pressure on these lazy, supply-chain-breaking open source developers. They are shitty people who don't take the responsibility; they owe the product!*

*talking about me here, just to avoid any misunderstanding!