This has nothing to do with security, and everything to do with liability.
You can’t really sue an open source project using a proper license, they disclaim any liability or warranty, meaning the buck stops with you.
If you hire a software development firm and pay for them to build software for you, you will have a different license, the software company can just repackage open source software into their own UI and branding, take the money and declare bankruptcy if their customers try to sue them.
The customers are mostly happy, they get to tick the box that they have a support contract for the software and a company is liable if shit hits the fan. The software development company is happy, they get money for doing very little actual work.
The open source project probably doesn’t know about the abuse of the license and thus mostly doesn’t care.
I’ve been in these meetings and you’re on the money. Insurance (the concept, not necessarily the product) is almost always the reason any time you see some stupid policy.
When I was young and naive I thought the technologically correct way to do things was the best. In the business world that’s seldom the case, though.
At one place I worked we couldn’t use eclipse licensed things because the license mentioned indemnification or something. I don’t really understand what that meant because I think some other licenses mentioned it too. Plus literally all of us used Eclipse IDE.
This has nothing to do with security, and everything to do with liability.
You can’t really sue an open source project using a proper license, they disclaim any liability or warranty, meaning the buck stops with you.
If you hire a software development firm and pay for them to build software for you, you will have a different license, the software company can just repackage open source software into their own UI and branding, take the money and declare bankruptcy if their customers try to sue them.
The customers are mostly happy, they get to tick the box that they have a support contract for the software and a company is liable if shit hits the fan. The software development company is happy, they get money for doing very little actual work.
The open source project probably doesn’t know about the abuse of the license and thus mostly doesn’t care.
I’ve been in these meetings and you’re on the money. Insurance (the concept, not necessarily the product) is almost always the reason any time you see some stupid policy.
When I was young and naive I thought the technologically correct way to do things was the best. In the business world that’s seldom the case, though.
At one place I worked we couldn’t use eclipse licensed things because the license mentioned indemnification or something. I don’t really understand what that meant because I think some other licenses mentioned it too. Plus literally all of us used Eclipse IDE.