[thinkski]

The license plainly states the software might not work and comes with no guarantees of it not breaking things:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

[bawolff]

In this case i don't think he should face legal problems, but people throw this around like its a blank cheque. I hardly think that's true.

Like imagine someone found out their package was being blindly used in a life critical application and the maintainer intentionally sabotaged it. Yes it would be the fault of the people who used it blindly, but im pretty sure the license wouldn't get the maintainer off of murder charges.

[db48x]

There would be no murder charges in that case. The developer of the “life critical application” has sole and ultimate responsibility to ensure that their product works as advertised. The developer of a dependency that they happen to use has no such responsibility. If the application developer updated his dependencies and then didn’t bother to verify that the application still works correctly, then that would be open and shut negligence.