zlacker

[return to "Debian Statement on the Cyber Resilience Act"]
1. candid+Eo[view] [source] 2023-12-28 00:23:55
>>diyftw+(OP)
What about the CRA is so bad? The requirements seem like common sense. Can anyone point out something specific that seems overly onourous? Debian couldn't...

Our industry desperately needs better regulations, IMO.

◧◩
2. ManBea+jq[view] [source] 2023-12-28 00:39:37
>>candid+Eo
Big parts of the legislation are good and long overdue. The big problem is that this effectively also includes many free/open-source software projects, as the definition for what constitutes "commercial" or "commercial-grade" is very broad. You host a FOSS library on Github that can/is used by others? Congrats, you now have to fulfil all requirements. Look for "Update on the European Cyber Resilience Act" by the Eclipse Foundation on YouTube for infos.
◧◩◪
3. jahav+iu[view] [source] 2023-12-28 01:19:46
>>ManBea+jq
There is some hope for individual developers in EP amended version https://www.europarl.europa.eu/meetdocs/2014_2019/plmrep/COM... article 10c: > Developers contributing individually to free and open-source projects should not be subject to obligations pursuant to this Regulation.

Actually it’s an improved version. Hopefully it will make it through consolidation with EC version.

◧◩◪◨
4. ManBea+iz[view] [source] 2023-12-28 02:11:04
>>jahav+iu
Thank you for providing that, didn't knew about that amended version. This only includes individual developers though and if you are employed this is already a problem again: (10a) "[...]Similarly, where the main contributors to free and open-source projects are developers employed by commercial entities and when such developers or the employer can exercise control as to which modifications are accepted in the code base, the project should generally be considered to be of a commercial nature." A small step in the right direction, but not quite there yet. Companies that want to just release (old) projects would also be more hesitant now. Recurring donations from companies would also contaminate the project.
◧◩◪◨⬒
5. jahav+hC[view] [source] 2023-12-28 02:39:59
>>ManBea+iz
That is one of them, here is the second version with different amendedments by European Council: https://data.consilium.europa.eu/doc/document/ST-11726-2023-...

They are now hashing out a final consolidated version in a trialogue.

[go to top]