
They can't go back in time and change how they did it, and they did explain and apologised for not handling it correctly.

Stuff like that happens. We should only judge them if they screw up like that again.



Aka "first murder is on the house, the second one you pay for".


How does it make even a little sense to compare this to murder?


consider murder a metasyntactic variable


I'm not sure I agree with the parent poster, surely this isn't exactly murder.


It's a hyperbolic cheeky way of pointing out that they're getting off the hook for their first gross transgression. The GP isn't in any way suggesting mishandling this security issue was equivalent to murder.

They're pointing out that if the transgression were more severe, we'd easily see right through the hole in the reasoning.


You can’t just substitute different transgressions and use the same reasoning. There are plenty of crimes where it’s reasonable to be more lenient to a first-time offender, but murder is not one of them.


There are no crimes where it is reasonable to be lenient to a first-time offender. It's a matter of intent: Lenience is given to accidents (usually still only the first occurrence), which may or may not have caused a crime.

What they did was to silence a security researcher, produce marketing material with falsehoods, and as a result ultimately damage their customers by allowing a security vulnerability to remain present, and not raise alarms afterwards that customers need to ensure that they were not exploited. They actively decided that harming their customers was okay if it allowed them to avoid attention.

This is not an accident, but an intentionally committed crime. No lenience is warranted.


Technically there are plenty of crimes where it is not only reasonable but morally obligatory to be lenient to a first-time offender. Like copyright infringement or sodomy. But in those cases it's also obligatory to be lenient to a second-/third-/etc-time offender, because the law criminalizing them is unjust. Similarly, I strongly suspect that the law unjustly fails to criminalize Slack's negligent disregard for their users' security in this case.

I agree that, crime or not, it was intentionally committed, and does not warrant lenience, though.


The comparison to murder seems apt when we're looking at this in terms of intent rather than severity. The original response stated that we should forgive Slack because "things like this happen", playing off the incident like an accident, when this was clearly not the case.


There's a difference in kind between leniency and suspending all judgement. The GP was explicitly in favour of suspending all judgement.

They didn't accidentally spin this so hard into a cover-up. Sure, if they showed a repeated pattern of such behavior, they should see greater consequences, but they still deserve to get called out hard on their first cover-up.


In its hyperbolic cheek, it overlooks the fact that we can overlook a first offense, precisely because it’s not a matter of life and death.



