Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conifcker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
Thread beginning with comment 358675
To read all comments associated with this story, please click here.
your support contracter is responsible
by spiderman on Wed 15th Apr 2009 14:49 UTC
spiderman
Member since:
2008-10-23

It does not matter who at xorg or at debian put the security hole and who exploit it. guilty != responsible.
The one who is guilty of putting a security hole in software he distributes for free is in no way responsible since you didn't pay him anything to take any responsibility.

Most of the time you have a support contracter that is responsible for those security holes. That can be Red Hat, Novell or Mandriva. If you pay them to patch your machine and ensure security, and the contract says they are responsible, then they are responsible.
If you downloaded a distro for free and have no support contract then you are responsible for whatever happens to your computer.
If you use Windows, then indeed, Microsoft is responsible for fixing security breaches because you paid for that service.

You can't have it all. download it for free and still blame whoever put buggy code in your computer because it is you and you alone. They give you the source code for you to fix it when it is broken, so you fix it or you pay someone to do it. The software is not the service. Microsoft does not give the code but they take responsibility for it.

Edited 2009-04-15 14:54 UTC

Reply Score: 2