On Thu, May 16, 2002 at 14:18 -0700, Christopher Mahmood wrote:
>
> * Gerhard Sittig (Gerhard.Sittiggmx.net) [020516 13:16]:
> > Huh? Didn't we recently have one of these regularly scheduled
> > DJBware threads?
>
> Well, yes OK. I almost wrote "with exception of DJB..." but didn't
> want to start another thread like that.
>
> DJB's guarantee is maybe better described as a $500 reward for
> finding holes.

If this is not a warranty, how else would you define one? Not
only do you get back all the money you invested ($0 for the
software) but on top you get even more (the reward for finding
the hole, paid out of DJB's own pockets). And -- what hasn't
been mentioned above -- the author assures you that the tools
work as designed and announced if you use what the author
released and install it in the way the author told you to. This
is IMHO an adequate request for the provided service. (BTW:
SuSE wouldn't like to support anything the user modified either,
would they? Let's not talk about taking responsibility for
things which are not under your control ... Modifying source
code and locations probably voids your support request as well
as throwing switches in delivered sources (the kernel) makes
the user responsible for his own action. And I'm sure SuSE
wouldn't like to have a publisher grab their distro, manipulate
it, tack it to a newspaper and still call it a SuSE distro
while things might not work and it's not SuSE's fault at all.)

Admittedly a warranty doesn't make bugs and problems go away
magically. But when a vendor writes "there is no problem within
the software and I'm so certain about it that I state this
publically and return (and add) money in case I'm wrong" does
it reflect the vendor's position (commitment) towards his product
and raises your faith. And when the vendor is held responsible
for being wrong, he will make sure it happens rarely or not at
all. The above warranty is not a "best effort" statement.

I'm not saying that software automatically is crap when there's
no warranty coming with it. But I'm easier using software which
is accompanied by one. Especially in the sensitive environment
we are talking about.

virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittiggmx.net

-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.
-- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]