[Fedora-legal-list] ssh enable and firewall open for sshd connection by default after install who's legally liable?.
"Jóhann B. Guðmundsson"
johannbg at gmail.com
Thu May 19 12:08:05 UTC 2011
We were discussing this [1] a bit here at the office when a co worker
who was part of the conversation ( non IT ) guy was listening in and
dropped in the question if an end user computer is compromised who would
be legally liable for any harm and financial loss that might be caused by.
Which got us a bit baffled since we dont speak legalize so it would be
good if this gets cleared for us.
The argument he was making was that if an end users computer gets
compromised due to a default configuration not an exploited bug in
software and it can be proven without an shadow of doubt that that it
was the cause for the harm and any financial loss that the...
The novice end user as has absolutely no idea what ssh is and what it's
used for.
The end user has not agreed to have read any documentation that may or
may not mentioning this being enabled.
( I'm not sure if we mention that it is enabled on the DVD )
There is no mentioning of it being enabled during or immediately after
install or after a user logged in for the first time.
There is no apparent option for the end user to disable it either during
or after install or after a user logged in for the first time
If the above holds true then the project in question would be liable for
any harm/financial loss caused by .
So who's liable in this scenario..
Is it the end user?
Is it the network provider?
Is it the entity that is responsible for the network the end user is
connected to.?
Is it Red Hat/Fedora ?
Did FESCO contact the legal team when it revisited [2] and sanctioned
which service where permitted to be enabled by default as specific
exceptions?
Thanks
JBG
1. http://lists.fedoraproject.org/pipermail/security/2011-May/001483.html
2. https://fedoraproject.org/wiki/Starting_services_by_default
More information about the legal
mailing list