
> that people now depend on and walking away is probably causing a lot of anxious moments, possible security breaches, and downtime.

This is the mistake of the people who depend on something out of their control, not the person who made some code public, with the promise that there is no warranty, the software is "as-is" and more, which is fairly common in FOSS licenses.

The right answer is for people to start understanding the license of the things they use and depend on, and if "no warranties whatsoever" isn't good enough for them, it's up to them to find a project using a license they do agree with.




I depend on a lot of things outside my control. Including commercial software and hardware that a vendor may discontinue support for at any time.


When my company makes a deal with such vendors, it comes with a contract for support when things go wrong. If they don't honor the contract, they lose our business.

If we rely on them so heavily that it'll affect our finances significantly, I'm sure the contract has plenty of penalties if we don't get that support.

But yes, for small one-off deals, you could be screwed. And guess what - it's still your job to fix it, just as with open source. Your employer cares for the end results. They expect you to say "OK, vendor X screwed us. Here is plan B."


Absolutely. Ideally, you always have a Plan B and taking a vendor to small claims (or otherwise court) is not really a Plan B. It's not always possible to have a good Plan B. You can and should do due diligence up front but things can always go south for any number of reasons. Maybe collecting some sum of money down the road doesn't really make you whole if your business gets blown up. And you'll be long fired if the decision was on you.


You have some protections with those though (usually). If you pay for software and you are not getting what you pay for, you can sue them (or whatever system you have in your country).

In the context of FOSS, it's almost always given away "as-is" without any sort of warranties or guarantees. If people end up shooting themselves in the foot even with those warnings, it's hard to feel sad for them.


As a practical matter, getting remedies from a commercial entity is often difficult and expensive--even for a company and certainly for an individual.

Yes, those remedies are pretty much non-existent for an open source project but you seem to be making a case that no one should ever use unsupported open source for anything important given how risky it is. There have certainly been companies that would be happy to take that side. I don't personally but you should go in with eyes wide open.


> getting remedies from a commercial entity is often difficult and expensive--even for a company and certainly for an individual

Depends on the country. The countries I've lived in (Spain & Sweden) both have "Small claims court" which you (as an individual) can go through for relatively speedy (and free) resolutions to minor things, and avoids the traditional (slow) court procedures. This might be EU wide, not sure.

> you seem to be making a case that no one should ever use unsupported open source for anything important

No, I'm trying to make the case that people and businesses need to be more aware of what license the software they're using is under.

If the software license says "THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND" but you need some sort of warranty, then either find an entity willing to provide that for this specific piece of software, choose another project, or fork it and provide your own warranty yourself.


If you've had a major outage or security breach, small claims court will probably not help you much against someone who may not even be in your country or be incorporated.

> but you need some sort of warranty, then either find an entity willing to provide that for this specific piece of software, choose another project, or fork it and provide your own warranty yourself.

Totally agree with this though. As someone who worked for a commercial open source vendor for a number of years, if you're dependent on Linux, Kubernetes, etc. for your business you should have a commercial subscription.

> or fork it and provide your own warranty yourself.

Realizing you're now on the hook to do your own development/support ad infinitum which is usually a bad idea.



