
You're telling me that you don't hold a developer responsible for the way he implements things, if he isn't the originator of the implementation?



Of course, but in that case it’s more appropriate to talk about “Apple’s implementation of the standard OCSP protocol” rather than “Apple’s protocol”.


I don't agree, and moreover I note that this is a purely semantic point that you are making.

Apple is a major hardware manufacturer and software developer, and it seems totally appropriate to suggest that Apple is responsible for how it chooses to implement certain features. Saying "well, we just took it off the shelf" may work for a small-potatoes business, but not the largest public company in the world.

Additionally, it's like the Nuremberg Defense of software.

Any protocol (or tool in general) is appropriate for certain situations, and inappropriate (in this case, vulnerable) in other ones. You shouldn't suggest that others must bend over backwards semantically to try to pass the buck away from Apple, because Apple is responsible for using the protocol. Saying "Apple's protocol" indicates that Apple made the conscious choice to use that protocol, and that Apple has ownership of the consequences of using that protocol.


I think that is a confusing interpretation, fwiw.



