[Cryptography] GCC bug 30475 (was Re: bounded pointers in C)

Walter van Holst walter.van.holst at xs4all.nl
Sun Apr 27 16:58:07 EDT 2014


On 27/04/2014 12:55, Arnold Reinhold wrote:
>
> In the situation I was positing, someone killed or seriously injured
> because GCC removed a safety test, it is my understanding that
> commercial waivers like that are no defense against criminal
> prosecution. Even in civil litigation, their enforceability is limited
> and the situation in the U.S. varies by state. Disclaimers are
> generally enforceable as part of a conscious contract between
> knowledgeable parties of comparable bargaining power, but most states
> do not allow a party to limit their liability for gross negligence.
> Members of the general public, who depend on numerous pieces of
> software written in C but have never heard of GCC nor seen their
> disclaimers, may not be bound by them.
>
> Again I am not a lawyer; my only advice is to talk to one before you
> assume disclaimers like the one you quoted will shield you against any
> consequences of your software development activities, particularly in
> the security area.
>
>

I do practice law and the GNU GPL disclaimer is unlikely to hold water
in any civil law jurisdiction in case of a clear security issue brought
to the developer's attention. It quite likely works for civil liability
in common law jurisdictions (such as most of the USA). That said,
product liability for software is practically terra incognita in law,
but quite likely to heat up in the near future.

Regards,

 Walter

