[ksml]

The WD response to the original bug report (from https://www.wizcase.com/blog/hack-2018/):

> The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012. These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle.

So support can be discontinued after two years after introducing a product??? That's ridiculous. It's not even like this was a one-off product and they're no longer supporting that line of work. WD still sells MyBooks.

[gogopuppygogo]

Support can be ended at any time and leave you hanging when relying on proprietary software.

The fallout from this will be worse for western digitals brand than just patching the cloud service or smartly shutting it off if they weren’t going to support it.

[makeitdouble]

If they sold it in the EU I think legally they have at least 2 years of support to do. Assuming the software not working directly affects the devices sold abilities.

[qwertox]

I don't think so. The seller (not the manufacturer) has to make sure that the device is free of faults for up to two years. The first 6 months it's up to the seller to prove that the device had no issues in the first place, afterwards it it up to the buyer to prove that the device was faulty to begin with.

The manufacturer can only provide a warranty and exclude a lot from it. Like Motorola does with the batteries of the smartphones, which only have 3 months of warranty. The seller has to cover the 2 years.

There is no obligation to support a device, like to provide firmware to fix bugs. If the hardware/firmware has a bug, it is a defect, which entitles you to a fault-free replacement within 2 years.

[makeitdouble]

I’m not sure it’s so limited:

https://europa.eu/youreurope/business/dealing-with-customers...

In particular there is mention of purpose:

> is not fit for purpose - either its standard purpose or a specific purpose ordered by the customer which you accepted

[qwertox]

The page you link to does not refer to the manufacturer, but to the seller.

The seller will tell you to send the item to the manufacturer to check if it is a "warranty" case. You, on the other hand, will tell your seller that you won't do that, that you will send the product to him, and that the will have to check if it is covered by the "legal warranty" (notice the difference between just "warranty" of the manufacturer, and "legal warranty" of the seller). It is up to the seller then to forward the product to the manufacturer or to provide you directly a replacement or repair it himself.

If you send it to the manufacturer, like the seller wanted you to, the manufacturer can send it back to you untouched, saying it is not covered by his "warranty". You will have to pay the shipping. Then you will have to send it to the seller, and also let him know that you had to pay for shipping to the manufacturer, that you'd like that money back as well, which the seller can reject (but probably won't).

The seller is in a worse position than the manufacturer, because only he is bound to the the things mentioned on the page you linked to.

[makeitdouble]

There is a difference between the seller and the maker. But as the customer is supposed to be covered one way or another for 2 years, does it really matter in the end ?

For instance Apple had to extend its warranty to 2 years in europe, while leaving it at one year everywhere else for a while. The same way, most sellers won’t deal with makers that will put them on the spot for repeated repairs down the line.