[Fedora-legal-list] ssh enable and firewall open for sshd connection by default after install who's legally liable?.

Paul W. Frields stickster at gmail.com
Thu May 19 15:17:56 UTC 2011 

On Thu, May 19, 2011 at 12:08:05PM +0000, "Jóhann B. Guðmundsson" wrote:
> We were discussing this [1] a bit here at the office when a co worker 
> who was part of the conversation ( non IT ) guy was listening in and 
> dropped in the question if an end user computer is compromised who would 
> be legally liable for any harm and financial loss that might be caused by.
> 
> Which got us a bit baffled since we dont speak legalize so it would be 
> good if this gets cleared for us.
> 
> The argument he was making was that if an end users computer gets 
> compromised due to a default configuration not an exploited bug in 
> software and it can be proven without an shadow of doubt that that it 
> was the cause for the harm and any financial loss that the...
> 
> The novice end user as has absolutely no idea what ssh is and what it's 
> used for.
> 
> The end user has not agreed to have read any documentation that may or 
> may not mentioning this being enabled.
> ( I'm not sure if we mention that it is enabled on the DVD )
> 
> There is no mentioning of it being enabled during or immediately after 
> install or after a user logged in for the first time.
> 
> There is no apparent option for the end user to disable it either during 
> or after install  or after a user logged in for the first time
> 
> If the above holds true then the project in question would be liable for 
> any harm/financial loss caused by .
> 
> So who's liable in this scenario..
> 
> Is it the end user?
> Is it the network provider?
> Is it the entity that is responsible for the network the end user is 
> connected to.?
> Is it Red Hat/Fedora ?
> 
> Did FESCO contact the legal team when it revisited [2] and sanctioned 
> which service where permitted to be enabled by default as specific 
> exceptions?

The Fedora distribution itself is wrapped with GPLv2, which includes a
"no warranty" statement.  To what extent does that not apply?

-- 
Paul W. Frields                                http://paul.frields.org/
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717
  http://redhat.com/   -  -  -  -   http://pfrields.fedorapeople.org/
Red Hat Summit/JBossWorld -- Register now!  http://.theredhatsummit.com

More information about the legal mailing list