[Fedora-legal-list] ssh enable and firewall open for sshd connection by default after install who's legally liable?.

["Jóhann B. Guðmundsson"]

We were discussing this [1] a bit here at the office when a co worker 
who was part of the conversation ( non IT ) guy was listening in and 
dropped in the question if an end user computer is compromised who would 
be legally liable for any harm and financial loss that might be caused by.

Which got us a bit baffled since we dont speak legalize so it would be 
good if this gets cleared for us.

The argument he was making was that if an end users computer gets 
compromised due to a default configuration not an exploited bug in 
software and it can be proven without an shadow of doubt that that it 
was the cause for the harm and any financial loss that the...

The novice end user as has absolutely no idea what ssh is and what it's 
used for.

The end user has not agreed to have read any documentation that may or 
may not mentioning this being enabled.
( I'm not sure if we mention that it is enabled on the DVD )

There is no mentioning of it being enabled during or immediately after 
install or after a user logged in for the first time.

There is no apparent option for the end user to disable it either during 
or after install  or after a user logged in for the first time

If the above holds true then the project in question would be liable for 
any harm/financial loss caused by .

So who's liable in this scenario..

Is it the end user?
Is it the network provider?
Is it the entity that is responsible for the network the end user is 
connected to.?
Is it Red Hat/Fedora ?

Did FESCO contact the legal team when it revisited [2] and sanctioned 
which service where permitted to be enabled by default as specific 
exceptions?

Thanks
            JBG

1. http://lists.fedoraproject.org/pipermail/security/2011-May/001483.html
2. https://fedoraproject.org/wiki/Starting_services_by_default