by pjmlp 905 days ago
Small businesses and solo-entrepreneurs have to deal with liability and permits all the time in other fields, even actual street bazaars for that matter, exception being when there is some "flexibility" between the laws and how they happen to be applied.

> Small businesses and solo-entrepreneurs have to deal with liability and permits all the time in other fields,

In other fields there is a direct relation between number of customers and liability.

But if I offer free software and also offer commercial support for it, and because of that I would be liable to everyone who uses that software, not just to those who pay for commercial support, then there is no relation between number of customers and liability, and liability cannot really be priced in.

It can be priced in; you just change the minimum price from $0 to how much liability would cost you.

If every user has to pay the minimum price then the software would not be free software, by definition.

It would be a huge gamble if the "$0 version" (e.g. GitHub repo) gets more popular than anticipated and the one with the bigger price tag does not grow accordingly, and the whole risk calculation falls apart.

There is always the possibility to only offer the priced version, even if it is free software. Someone else could of course redistribute it and then it would be their responsibility. That would be a less convenient world.

An open question certainly also is when it becomes a product. Source code alone (ingredients)? Or executable form (usable)?

> There is always the possibility to only offer the priced version, even if it is free software. Someone else could of course redistribute it and then it would be their responsibility.

I thought the CRA would make the original distributor responsible for what they distributed. So if A distributes to B and B redistributes to C, A still has responsibilities to C. B might also be in trouble when something goes wrong, but B redistributing does not shield A, to my understanding.

The minimum price for the software can't be changed. It's open source. Once it's out you can't undo it. You will have users paying $0 to use it for what amounts to forever.

I'm curious what the liability and permits being discussed are here. Because the permit required to prevent some Joe Schmoe from selling me a tainted brownie off a street cart feels a little bit different and perhaps difficult to compare to software.
What’s different between a baker liable for flour content and an SDE liable for packaged library vulnerabilities?
Standardized food safety practices, pre-approved and comparatively trivial recipes, state/county inspections, etc. None of which apply to software. One is fairly trivial and standardized. The other is massively complex, rapidly changing, and unable to be boiled down to a standard set of trivial procedures.

And to answer your question more directly, the flour itself causes the damage. The vulnerability is only damaging if a malicious actor takes advantage of it.

> Standardized food safety practices

Food safety practices only became standardized after regulation was enacted.

> pre-approved and comparatively trivial recipes

That sounds like most software development.

I think you are unwittingly making the case that software development is a lot like food production. Software development is only beginning to get regulated because it is only now reaching the level where it is hazardous to public safety, unlike food production which reached that a long time ago.

"Food safety practices only became standardized after regulation was enacted."

Because you actually can standardize them. Software isn't so simple.

"> pre-approved and comparatively trivial recipes

That sounds like most software development."

Lol, no, it does not. Why wouldn't high school graduates or dropouts work in software instead of at fast food? The number of languages, frameworks, patterns, etc. is much more complex than basic sanitation and time/temp/acidity.

> Because you actually can standardize them. Software isn't so simple.

It isn't simple due to choice, not due to the nature of software. Software is relatively simple compared to other meat-space engineering disciplines. Software engineering is a relatively immature engineering discipline, but it is implicated in enough safety-critical systems these days that it is about time to start maturing.

It will be painful but I welcome more software regulatory standards, because it is necessary for our trade to mature.

Knuth's code has bugs. NASA's code has bugs. I would like to think that someday our profession might be able to achieve high enough quality to survive with liability, but today nobody is close to that at all.

I think that liability shouldn't require perfection, just close enough, as long as the criteria are objective.

I personally think that any criteria that SQLite and Curl can't pass are too strict.

The same difference as there is between a baker liable for flour content and you being liable for flour content when sharing some homemade cookies with your co-workers.

So why pile on even more? Terrible justification tbh. It's hard for a small business or indie developer. The odds are against you.

Just like in any business.