[Fedora-legal-list] ssh enable and firewall open for sshd connection by default after install who's legally liable?.
Paul W. Frields
stickster at gmail.com
Thu May 19 15:17:56 UTC 2011
On Thu, May 19, 2011 at 12:08:05PM +0000, "Jóhann B. Guðmundsson" wrote:
> We were discussing this [1] a bit here at the office when a co worker
> who was part of the conversation ( non IT ) guy was listening in and
> dropped in the question if an end user computer is compromised who would
> be legally liable for any harm and financial loss that might be caused by.
>
> Which got us a bit baffled since we dont speak legalize so it would be
> good if this gets cleared for us.
>
> The argument he was making was that if an end users computer gets
> compromised due to a default configuration not an exploited bug in
> software and it can be proven without an shadow of doubt that that it
> was the cause for the harm and any financial loss that the...
>
> The novice end user as has absolutely no idea what ssh is and what it's
> used for.
>
> The end user has not agreed to have read any documentation that may or
> may not mentioning this being enabled.
> ( I'm not sure if we mention that it is enabled on the DVD )
>
> There is no mentioning of it being enabled during or immediately after
> install or after a user logged in for the first time.
>
> There is no apparent option for the end user to disable it either during
> or after install or after a user logged in for the first time
>
> If the above holds true then the project in question would be liable for
> any harm/financial loss caused by .
>
> So who's liable in this scenario..
>
> Is it the end user?
> Is it the network provider?
> Is it the entity that is responsible for the network the end user is
> connected to.?
> Is it Red Hat/Fedora ?
>
> Did FESCO contact the legal team when it revisited [2] and sanctioned
> which service where permitted to be enabled by default as specific
> exceptions?
The Fedora distribution itself is wrapped with GPLv2, which includes a
"no warranty" statement. To what extent does that not apply?
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
Red Hat Summit/JBossWorld -- Register now! http://.theredhatsummit.com
More information about the legal
mailing list