ssokolow: Obviously we're not going to see eye-to-eye on this. If I'd designed the system of laws, attempting to enforce your viewpoint on games and other digital forms of artistic expression would have a name like "criminal suppression of cultural exchange".
Besides, even if it were possible to enforce that politically on a global scale (Which it isn't. Just look at how the movie industry failed to stamp out code like DeCSS and at the ongoing failures to block access to sites like The Pirate Bay. In fact, there are good arguments to be made that attempting to do so is a human rights violation.), it's impossible to enforce on a technical level.
eiii: I think we are not talking about the same thing. I do not mean people who make mistakes, which will always happen, especially in the high complexity of software systems. I talk about the attitude to intentionally and deliberately ignore security aspects only because it requires less effort ("have no time") and is cheaper. Software manufacturers should be responsible for this kind of misconduct as every other manufacturer already is. That has nothing to do with cultural exchange, human rights or restricting free speech. I'm the last one who wants to restrict that. It's about commercial activity. When you sell a software product or service (it doesn't matter if it's a game or any other software) you are responsible for its security. Maybe software vendor would have fit better for that than software manufacturer.
ssokolow: I firmly believe that the solution is better sandboxing, better support infrastructure for developers, and a push to make as much of the game code as possible commonly maintained.
eiii: No technical means will help anything if nobody feels responsible and will be made responsible for the security of the final software product. There's no reason why software vendors should be treated differently to any other vendors.
No, I think we ARE talking about the same thing. I'm saying that:
1. Your solution is unfeasible in the real world
It reminds me of the point Alfie Kohn makes in Who's Cheating Whom. Basically, the cure is worse than the disease. To curb cheating (or to enforce this kind of responsibility model) would require changes to our schools (or our society) so severe that they'd destroy related societal goods of much greater value.
The real problem is becoming fixated on one specific approach to solving the problem, even when, in a real-world context, the approach is unfeasible. (Though, I suppose it might be feasible if there were some kind of taxpayer-funded program to reimburse programmers for wages lost to fixing old or unprofitable projects.)
(Like a comedy scenario where the exterminator/cat/etc. destroys the hotel/house/etc. in their single-minded pursuit of the pests.)
2. Holding people liable for failing to maintain their artistic creations would have a chilling effect on art as people fear being shackled to it for the rest of their life.
(Or it won't act as a deterrent because they're dumb kids who don't consider the consequences of their actions anyway. I see this as, in some ways, analogous to how many people in the U.S. don't want to accept that the death penalty has no deterrent effect because murderers either don't think before acting or they're overconfident in their ability to not get caught.)
That and the fact that an OS is a centralized component is why I believe as much of the security as possible should be pushed into the OS. (i.e. sandboxing, higher-level opt-in permissioning APIs, etc.)