that clause - even in all caps - doesn't absolve them like you think it does. A quick example: if credentials were compromised and malware pushed and it was determined to be due to reasonably preventable negligence an author could be held responsible.
No. Because the only reason you then get hit by this new version with malware is either that you're not pinning your versions (and that's irresponsible), or you're blindly bumping (and that's irresponsible.)
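The "pinning your versions" point above, as an added example that is not part of the thread: a small checker for a pip-style requirements file that flags every dependency which is not pinned to one exact version, or is pinned but not hash-locked to a specific artifact. The requirements text, the package list and the sha256 values are constructed for illustration, and the function names are this example's own.

```python
"""Added example (not from the thread): report requirements that are not
exactly pinned, or pinned without a --hash lock. Sample input is constructed."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed requirements file; hashes are placeholders, not real digests.
SAMPLE_REQUIREMENTS = r"""
# constructed sample, not a real project's file
requests==2.31.0 \
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000001
urllib3>=1.26,<2
cryptography==41.0.7
pyyaml
numpy==1.26.*
Jinja2 == 3.1.2 ; python_version >= "3.8" \
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000002 \
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000003
-r other.txt
"""


@dataclass
class Finding:
    name: str
    spec: str
    pinned: bool
    hashed: bool
    problem: Optional[str]   # None means the line is pinned and hash-locked


NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")
EXACT_RE = re.compile(r"^===?\s*[^\s*]+$")   # ==1.2.3 or ===1.2.3, no wildcard
COMMENT_RE = re.compile(r"(^|\s)#.*$")


def _logical_lines(text: str):
    """Yield requirement lines with comments removed and '\\' continuations joined."""
    buf = []
    for raw in text.splitlines():
        line = COMMENT_RE.sub("", raw).strip()
        if not line:
            continue
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        yield " ".join(buf)
        buf = []
    if buf:
        yield " ".join(buf)


def _split_options(line: str):
    """Separate 'name==ver ; marker' from trailing --options such as --hash."""
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if tok.startswith("--"):
            return " ".join(tokens[:i]), tokens[i:]
    return " ".join(tokens), []


def check_requirements(text: str) -> list:
    """Classify every logical line of a requirements file."""
    findings = []
    for line in _logical_lines(text):
        req, opts = _split_options(line)
        hashes = [o for o in opts if o.startswith("--hash=")]
        if not req or req.startswith("-"):
            # -r/-c/-e directives and option-only lines are out of scope here
            label = req or " ".join(opts)
            findings.append(Finding(label, "", False, False, "directive not checked: " + label))
            continue
        m = NAME_RE.match(req)
        if not m:
            findings.append(Finding(req, "", False, False, "unparseable requirement"))
            continue
        name, rest = m.group(1), m.group(2)
        spec = rest.split(";", 1)[0].replace(" ", "")     # drop environment marker
        clauses = [c for c in spec.split(",") if c]
        pinned = len(clauses) == 1 and bool(EXACT_RE.match(clauses[0]))
        hashed = bool(hashes)
        if not pinned:
            problem = "not pinned: " + (spec or "no version specifier")
        elif not hashed:
            problem = "pinned but no --hash"
        else:
            problem = None
        findings.append(Finding(name, spec, pinned, hashed, problem))
    return findings


def problems(text: str) -> dict:
    """Map each offending requirement name to its problem string."""
    return {f.name: f.problem for f in check_requirements(text) if f.problem}


if __name__ == "__main__":
    for name, why in problems(SAMPLE_REQUIREMENTS).items():
        print(f"{name}: {why}")
```

Only `requests` and `Jinja2` pass: they are pinned with `==` and carry a `--hash`, so a later upload under a different version, or a different artifact served for the same version from another index, cannot slip in without the install failing. pip itself enforces the same rule at install time with `--require-hashes`, which refuses any requirement that is not `==`-pinned and hashed; the script above only mirrors that check for review.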
The software is provided as is.
Does this really happen? Can you provide concrete examples?
Are companies that are compromised by supply chain attacks held responsible for their negligent behavior?
Blindly pulling updates from providers that offer you no contractual guarantees has to be gross negligence right?