For those outside the loop: rsync starting using AI agents to handle the influx of AI security reports to improve the test suite and fix bugs. It introduced a few CVEs and people who never contributed in any way started firing shots at the maintainer.
rsync maintainer’s response to the people getting pissy about his usage of AI: medium and the related post on programming.dev
If you build a bridge and make it open to the public, then you absolutely have both an ethical and legal obligation to make it safe to use.
That would be at least negligent manslaughter in most, if not all jurstictions.
To be clear I’m not saying that anyone has to do everything that that people request of them. But rather that there is a non-zero amount of responsibility to the public when a project is being actively maintained. If you don’t want that responsibility, then let someone else take over, or announce that the project is abandoned.
The license people agree to, to use the software disclaim warranty and limited liability. So your analogy would be better if the bridge had signage explaining such that most people don’t read. So not a legal obligation, but maybe it hasn’t been tested in court yet.
Where I live if you build a bridge that is assessable to the public and someone gets hurt using it, because you made it unsafe to use, then you are legally responsible for that. It does not matter how many signs you put up, or what agreements were made, if you build a bridge (or other structure ) you are responsible for ensuring that it is safe to use.
Also, to clarify, it’s not my analogy. I was using the one made by the person I responded to.