SECURITY BUG IN INTERACTIVE UNIX SYSV386

Peter Kendell pete at tcom.stc.co.uk
Fri Feb 22 22:17:48 AEST 1991


From article <473 at bria>, by <somebody>:
 
} It matters not who is to _blame_.  It does matter who's _responsible_.
} You bought your car from Ford.  The motor flies out of the hood because
} of defective bolts.  You go to Ford, and they say "Sorry, but you'll have
} to talk to ``XYZ Bolt''.  It's not our problem because _we_ didn't make
} the bolts."  I personally wouldn't sit still for this, and I doubt you
} would either.

You don't go to Ford, you go to the retailer who sold you the product.
Otherwise, quite right.
 
} The reseller should be responsible for what is sold.  When I buy a flavor
} of UNIX, I am buying a complete package, not just modifications.  (Those
} who thrive on the legal aspects of this will point out that all you're
} really buying is diskettes.  Fine, but a company who treats its customers
} according to that criteria won't be in business very long.)

Absolutely.  When I see the (all too common) form of licence that says
(paraphrased) "We'll exchange the media if faulty, but otherwise we
don't guarantee that this product is good for anything in particular
and we won't be responsible for any havoc it may cause to your business
if it's faulty" I wonder what it is that I'm actually *buying*.  It's
enough to turn anyone into a software thief...

In the UK we have the concept of 'merchantable quality'.  That is, if
you sell something, like a car or an operating system licence, then
it's got to do what a reasonable person (tm) would expect such a thing
to do and not to behave in such a way as to endanger the buyer.  This
concept is independent of supplier warranties.

Peter


