zlacker

[return to "Debian Statement on the Cyber Resilience Act"]
1. gavinh+ov 2023-12-28 01:33:16
>>diyftw+(OP)
I believe our industry needs regulations and liability, but the CRA could be dangerous. (See my comment at [1].)

There is a better way [2], but I don't know how we would convince politicians that there is a better way.

[1]: >>38788919

[2]: https://gavinhoward.com/2023/11/how-to-fund-foss-save-it-fro...

2. api+oF 2023-12-28 03:11:22
>>gavinh+ov
If this isn’t done extremely carefully and with deep understanding of the industry, software will get 10X as expensive and innovation will halt due to liability concerns.

It’ll turn into the aerospace industry where “if it hasn’t flown, it can’t fly.” This is among other things why we still burn leaded gas in small planes. Replacing it is easy, but the cost of certifying any kind of new design is insane.

I’ve always just been against any such regulation because I have zero confidence our technically ignorant politicians can do it well.

I also think it’s likely to be sabotaged by consultants and big tech monopolists who see an opportunity to lock out competitors or create gravy trains.

3. Barrin+sI 2023-12-28 03:42:14
>>api+oF
I think that is an odd comparison. Yes, there are parts of an industry like aerospace where innovation is slow, but then again if airplanes were built like web apps they'd get twice as heavy every year and fall out of the sky once per day.

Compared to the relatively high engineering standards and slow but at least continuous improvements in actual engineering disciplines, software is built so badly most of it should never see the light of day. If most machines we build were as insecure and crappy as software we'd have brought the Code of Hammurabi back already.
