@glyph @0xabad1dea @tribut So would strict liability be mandatory, or something that can be offered as part of a contractual relationship? Because I don't see how the latter opt-in version is different from the status quo. As you said, there are already entities that do that. If it's mandatory, then you need a better answer to all the previous questions, because the rules need to adjudicate when it's mandatory and when it's not, and who it falls on. Clients do pay Geomys for Go.

@glyph @0xabad1dea @tribut The EU is trying that, right? Does Geomys have strict liability for all of Go? Or does Google? Why would Google let Geomys maintain Go if the liability falls on them? Does a maintainer with a Patreon have strict liability? What about a maintainer who scored their first $10k support contract, which is not enough to pay both taxes and E&O insurance?

I understand the desire to stick it to the man, but the system needs to be viable, not just desirable.

Well I'll be damned. I might have to switch phones after all even if all the new ones are oversized.

Unfortunate this looks opt-in for third-party apps. I wonder how much adoption there will be. Hopefully WhatsApp and Signal will adopt it right away?

https://security.apple.com/blog/memory-integrity-enforcement/