@Maciejasjmj said:
First of all, it's your decision to do something for free. Nobody's forcing you.
This is a really weird argument. Nobody's forcing you to use the free software either. If you want accountability you pay someone to be accountable.
You're looking beyond the depth that actually exists... no one needs to excuse OpenSSL for Heartbleed because there's no blame to place to begin with; the contract is "you get this for free, and if something goes wrong you can't hold us accountable". You don't use OpenSSL without that contract and OpenSSL wouldn't exist if they were held accountable for every possible vulnerability.
"it's free, so shut the fuck up" shouldn't happen because the conversation shouldn't even go that far. You jumped out of the plane and let someone else pack your parachute. If you're not comfortable with their ability to pack a parachute, then you don't jump out of the plane. It's your responsibility to vet free software and weigh the risk before the jump.
When you pay someone - a large part of why you're paying them is because you can hold them responsible when something goes wrong. You're establishing a contract and making an exchange for something that fits an agreed upon criteria. If that criteria isn't met on either side, then there's an imbalance that needs correction.
So if you get burned by free software, you really have to hope that there's some shared interest in fixing things... because you're not owed anything. No exchange was made, there's no balance to be corrected.
There's a reason open sourced projects often revolve around the word community. The hope is that everyone treats each other like human beings and comes to some sort of solution or understanding... and if you can't live with the risk of that not happening you either have to learn how to fix it yourself or pay someone to be accountable.