undefined | Better HN

0 pointsProAm7y ago0 comments

> Sounds like you're suggesting that we criminalize software bugs.

When there is irreparable damage I believe it should be criminalized. You cannot regain privacy after an incident such as this, it is irrevocably taken from you against your will.

0 comments

UncleMeat7y ago

Suppose there is a bug in the Linux kernel. Some business runs their webservers on Linux. They have user email addresses (PII). Is Linus responsible for breaches? If so, then OSS dies. If not, then how do you intend to prove that their are no vulns in any of your dependencies for the rest of time?

AlexandrB7y ago

This is silly. If I build my bridge with equations I find on mathoverflow, the forum is not responsible for my bridge collapsing.

If you’re using OSS for mission-critical software you must either ensure that it’s fit for purpose or pay someone to do it for you. Nothing in the Linux Kernel documentation suggests that it can/should be used for flying airplanes of securing PII without doing additional due diligence.

pixl977y ago

The person storing the data is the one responsible for securing the data. Everyone keeps trying to push data security up the stack, but the company/ individual collecting it is the responsible party.

j / k navigate · click thread line to collapse