[EMAIL PROTECTED] wrote: >... > People running around in business selling > products and services and then disclaiming any liability with regard > to their performance _for_their_intended_task_ is, IMHO, wrong.
IMHO this presents an unsophisticated notion of "right versus wrong". By way of analogy: Suppose you go skiing in Utah. A rut left by a previous skier causes you to fall and break your leg, or worse. Now everybody involved has been using the ski area _in_the_intended_manner_ yet something bad happened. So who is liable? The ski area could have groomed that trail, but they didn't. They could have enforced a speed limit, but they didn't. They could at least have bought insurance to cover you, but they didn't. They simply disclaimed all liability for your injury. Not only is this disclaimer a matter of contract (a condition of sale of the lift ticket) it is codified in Utah state law. Other states are similar. If you don't like it, don't ski. Returning to PKI in particular and software defects in particular: Let's not make this a Right-versus-Wrong issue. There are intricate and subtle issues here. Most of these issues are negotiable. In particular, you can presumably get somebody to insure your whole operation, for a price. In the grand scheme of things, it doesn't matter very much whether you (the PKI buyer/user) obtain the insurance directly, or whether the other party (the PKI maker/vendor) obtains the insurance and passes the cost on to you. The insurer doesn't much care; the risk is about the same either way. The fact is that today most people choose to self-insure for PKI defects. If you don't like it, you have many options: -- Call up some PKI vendor(s) and negotiate for better warranty terms. Let us know what this does to the price. -- Call up http://www.napslo.org/ or some such and get your own insurance. Let us know the price. -- Write your own PKI. Then defray costs, if desired, by becoming a vendor. -- Et cetera. In general, there is a vast gray area between "Right" and "Wrong". Most things in my life can be described as not perfect, but way better than nothing. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
