← Back to context

Comment by bostik

1 day ago

Code escrow.

You factor in the expense of having your code releases escrowed by a third party (where part of the escrow contract itself is: "must be buildable from sources as provided"), and have a post-release pipeline that automatically uploads the new version. At the end of the term, the escrow holder releases all the versions.

This is a fairly common arrangement in high finance. If you want to supply services to a bank/insurer/etc. they will typically require an escrow arrangement as a contingency plan against you as a vendor going away. And yes, they pay the escrow costs.

3 comments

bostik

Reply
bethekidyouwant  1 day ago

So if I have software on my website and you pay for it and you’re in some European country that has this law then you (who?) can sue me for not uploading all my builds to what? some s3 endpoint?

  • bostik  16 hours ago

    No, it's not that way around. And it's not a law.[ß] If you and a high-finance institution agree to a separate (lawyer-negotiated!) contract where you provide essential/important software to the institution, they quite often require code escrow arrangements as part of the deal.

    There are a few such services around, usually owned by a giant global consulting house.

    The idea is that if you as a vendor go out of business or otherwise become unable to maintain the software, the finance institution gets access to the software via the escrow. Importantly, they also gain the contractual and legal rights to further maintain (read: modify) the software.

    Under such contract the vendor has an obligation to upload periodic code releases to the escrow service, and the escrow service validates that the release builds. (And passes the bnudled test suite.) Rather surprisingly these services don't even cost that much... at least in the grand scheme of things. The requirement usually comes up only when the underlying supplier deal is at least six figures annually.

    ß: well, contract law is still law but not in the sense the parent appears to be thinking

  • AtlasBarfed  6 hours ago

    We get it, corporations are immortal, formless entities that cannot be compelled to follow law.

    ... except they need to make that transient, formless concept known as money, and governments CAN use that.