[krisoft]

I’m aware of that claim. I can’t verify it of course.

But even if I take it as true, doesn’t mean that DEFCON couldn’t have believed he was subcontracting for EE.

Similarly if it was DEFCON who introduced the firmware author to EE, EE might believe the firmware author is with DEFCON.

Obviously the contracts should be crystal clear about who is with who, and who is responsible for what. We hear that the fimware developer had no contract with anyone. That is very bad. But whose bad it is?

If there is a contract between EE and DEFCON which states clearly that EE is responsible for the firmware that is very bad for EE then.

If there is no contract between EE and DEFCON, or it is not clear enough who delivers the firmware then that is very bad on DEFCON. (I would be surprised if that is the case, but who knows in this whole mess.)

[threatofrain]

What's strange is that Dmitry continued to work for defcon after a stop work order, and also that Dmitry was originally invited to speak on stage (smells like consideration).

Based on the sum of all statements it continues to be very plausible that Dmitry basically had no on-paper relationship with anyone... and did everything on a pure friends and family basis. If so that is a huge awkward fuckup.

Also unfortunate is the possibility that if Dmitry is just some detached party trying to defend Entropic's honor, he basically started a firestorm which burned bridges between Entropic and defcon.

Once Dmitry started the whole thing, defcon immediately attacked the reputation of Entropic by saying they exercised bad faith in business and were incompetent and profligate. Defcon attacked so hard that there was no way to unring that bell. Then Entropic had no choice but to respond to defcon.

[ranger_danger]

> We hear that the fimware developer had no contract with anyone.

I see this occasionally with small companies, usually it's more of a personal request from one of the employees to provide some code on a volunteer basis, perhaps solely because they are passionate about that sort of thing and someone knew that about them.

In the end, if the favor is upheld and they provide the code/binary/whatever to the company (who has a contract to deliver such code), then that company's upstream contract is still fulfilled, technically it doesn't matter that the coder was not an employee or contractor. The only real downside I see for this is legal liability for the company if they end up unable to provide for their customer, but that's between the two of them and their contract, the coder is basically not on the hook for any problems.

[krisoft]

> I see for this is legal liability for the company if they end up unable to provide for their customer,

That is not the only legal liability. If EE has a contract with DEFCON saying that they will give DEFCON the firmware and the rights to distribute it. But EE does not have those rights (because they haven't signed a thing with the developer) that can go very wrong for EE.

Basically the developer can sue DEFCON, since they are distributing his code. DEFCON believes they have the rights to do so, because of their contract with EE, but basically EE is giving away something they don't have. That can be a lot worse than just failing to deliver the contracted firmware. In my opinion.

[ranger_danger]

To me that sounds the same as "unable to provide for their customer".