A
Hi!
How can a system integrator protect itself in a
situation when they implement an application based on free or open source software and does a start-up and a handover to the client? Besides, it provides the source code to the client. Suppose that the client modifies the provided source code and this results in an accident or simply poor performance. How can the system integrators be sure and, taking it to the extreme, be able to prove in the court of law, that the original source code had been modified and a flaw had been introduced (deliberately or not) by the client?
On one hand, the idea of OSS should enable the client to make modifications. On, the other hand, the contractual warranty should be null and void in such case and the system integrator should bear no responsibility or, according to the circumstances, this responsibility has to be limited.
My solution is to calculate md5 sums of the code and put them in the project handover document. Besides, these md5 sums should be registered (time to time) to log files.
Can anybody think of a better solution? The logs may be tampered, too...
Andrey Romanenko
[email protected]
How can a system integrator protect itself in a
situation when they implement an application based on free or open source software and does a start-up and a handover to the client? Besides, it provides the source code to the client. Suppose that the client modifies the provided source code and this results in an accident or simply poor performance. How can the system integrators be sure and, taking it to the extreme, be able to prove in the court of law, that the original source code had been modified and a flaw had been introduced (deliberately or not) by the client?
On one hand, the idea of OSS should enable the client to make modifications. On, the other hand, the contractual warranty should be null and void in such case and the system integrator should bear no responsibility or, according to the circumstances, this responsibility has to be limited.
My solution is to calculate md5 sums of the code and put them in the project handover document. Besides, these md5 sums should be registered (time to time) to log files.
Can anybody think of a better solution? The logs may be tampered, too...
Andrey Romanenko
[email protected]