• VeryFrugal@sh.itjust.works · 218 upvotes · 15 hours ago

    this is supposed to be more secure because it costs money

    It makes blaming someone really easy though and that’s all that matters in a corporate world.

    • 9point6@lemmy.world · 123 upvotes · 15 hours ago

      This is legitimately it. The same reason corporations often pay for Linux (e.g. RHEL)—the people in charge want to be able to pick up a phone and harass someone until they fix their problem. They simply can’t fathom any alternative approach to managing dependencies.

      • InputZero@lemmy.world · 51 upvotes · 14 hours ago

        Not just pick up the phone and harass someone but to also have someone to press a lawsuit against if things go really wrong. With free software the liability typically ends at the user which means all they can do is fire the employee and eat the loss. Suppose now corporate paid for it, well now there is a contract and a party that can be sued.

        • azertyfun@sh.itjust.works · 2 upvotes · 1 hour ago

          I hear that a lot but would that actually work? Sure, you will get a redhat level 1 support employee within the hour for a severity 1 ticket. But does the actual contract (which I don’t have access to) make any legally binding guarantees regarding the time-to-resolution? I seriously doubt it. Which is to say – your legal team will be SOL.

          They also won’t take responsibility for any fuckup on your part if you install a bad driver or deviate from the admin guides in any way (which is why Legal says for a minor issue you can’t apply a patch from StackExchange, you must raise a ticket and wait 3 business days for RedHat to tell you to apply the patch from StackExchange).
          Getting phished definitely falls in this category BTW. Vendors may or may not help you but they certainly won’t accept any liability.

          It’s still a good enough safety net to have for corporations with no trustworthy in-house expertise as vendors do have an incentive to keep their customers happy and most will help to the best of their abilities (which often isn’t as much as one might think…), but it’s hardly a legal panacea. If you need guarantees against catastrophic financial losses, that is what insurance is for.

        • nilloc@discuss.tchncs.de · 11 upvotes · 12 hours ago

          As if the EULAs don’t make it all arbitration?

          What software company allows liability for mistakes in a EULA?

          • drosophila@lemmy.blahaj.zone · 2 upvotes · 2 hours ago

            Companies and individuals play by different rules.

            When a big company purchases software a team of people from both parties (whose entire job and career are based on doing this) negotiate with each other to decide exactly who is liable for what and to what degree.

            When you purchase software you agree to let the company fuck you over at their leisure because you literally do not have enough hours in the day to even read everything you agree to, let alone understand it, let alone argue with it. And even if you did you don’t have enough bargaining power to make a large company care.

    • schnurrito@discuss.tchncs.de · 46 upvotes · 15 hours ago

      The greentext reminds me of this FAQ entry: https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-vendor

      A.9.17 As one of our existing software vendors, can you just fill in this questionnaire for us?

      We periodically receive requests like this, from organisations which have apparently sent out a form letter to everyone listed in their big spreadsheet of ‘software vendors’ requiring them all to answer some long list of questions […]

      We don’t make a habit of responding in full to these questionnaires, because we are not a software vendor.

      A software vendor is a company to which you are paying lots of money in return for some software. They know who you are, and they know you’re paying them money; so they have an incentive to fill in your forms and questionnaires […] because they want to keep being paid.

      […]

      If you work for an organisation which you think might be at risk of making this mistake, we urge you to reorganise your list of software suppliers so that it clearly distinguishes paid vendors who know about you from free software developers who don’t have any idea who you are. Then, only send out these mass mailings to the former.

      • Laser@feddit.org · 6 upvotes · 9 hours ago

        I read only part of the URL and thought this was about puzzles. Never knew the guy made PuTTY as well.

    • Object@sh.itjust.works (OP) · 12 upvotes · 15 hours ago

      Would be really funny if they still get fucked over because of some fine print in the disclaimer