Arguably, if your code is hosted by a third-party, the legal document is the least of your problems. If someone modified your legal documents without your knowledge, you are likely to be able to fight it as having been a victim of fraud yourself, and you wouldn't be expected to abide by fraudulent contracts created by a third party impersonating you, right? (I don't really know for sure, you are the attorney, but I'd be surprised if you were liable for forged contracts)
On the other hand, if your code is modified, it can exfiltrate data that you are never getting back, no matter what the legal system says. Even credit card numbers are not the worst, since in theory you can end up reversing every single fraudulent transaction made, and insurance might cover your liability. But in the case of Medium, it could, say, leak the real world identity of a blogger or citizen journalist in a place where doing so would put their lives at risk. So if you are already trusting a third party with the lives of your users who are trusting you with their lives (whether they should or not), is having the text of your EULA swapped by the lyrics of "I am never gonna give you up" really a worst case scenario?
At this point, given how many people use it as the authoritative source for their software, GitHub is already critical infrastructure, on par with GPS and the electrical grid of many countries. So if GitHub goes rogue or is compromised, the damage can be pretty catastrophic. Brave new world, ain't it?
>> Arguably, if your code is hosted by a third-party, the legal document is the least of your problems.
It depends on who you talk to. The legal dept would say that code can be replaced. The coding people similarly look down on contracts as paper anachronisms. Which matters more depends on the situation. The one that matter in any moment is whichever has been attacked most recently.
I would say that errors in a contract are more expensive to fix than code. A change to code can be patched once detected. But drop a key line from a contract, perhaps the limitation on jurisdiction or arbitration, and you might be stuck with costly litigation even if you make a change asap.
But would you be actually responsible for it if someone changes your contract without your knowledge? Even if you are the one serving it?
So, if I went to a car dealership with my own modified contract in hand, and surreptitiously changed it for the one being put forth by the dealer and got him to sign it, would he be bound by that contract? (independent of whether or not I am committing a crime in that scenario)
Re: The code can be replaced. Sure, I am not worried about losing code at rest, for anything non-trivial you should have plenty of copies of a git repository anyways. But if modified code gets deployed, then suddenly you can take actions that might cost human lives or leak sensitive data and that genie can't be put back in the bottle, at any cost.
On the other hand, if your code is modified, it can exfiltrate data that you are never getting back, no matter what the legal system says. Even credit card numbers are not the worst, since in theory you can end up reversing every single fraudulent transaction made, and insurance might cover your liability. But in the case of Medium, it could, say, leak the real world identity of a blogger or citizen journalist in a place where doing so would put their lives at risk. So if you are already trusting a third party with the lives of your users who are trusting you with their lives (whether they should or not), is having the text of your EULA swapped by the lyrics of "I am never gonna give you up" really a worst case scenario?
At this point, given how many people use it as the authoritative source for their software, GitHub is already critical infrastructure, on par with GPS and the electrical grid of many countries. So if GitHub goes rogue or is compromised, the damage can be pretty catastrophic. Brave new world, ain't it?