zlacker

[return to "EU Cyber Resilience Act: What does it mean for open source?"]
1. jbk+F9 2023-12-30 21:26:20
>>ahuber+(OP)
The new version of the CRA is quite an improvement, and most of the discussions around the open source communities were about older versions that were quite concerning. There were a lot of scary discussions on the foundations mailing list and on various boards of open source non-profits.

This article is a good step to explain what has changed.

(I was quite concerned as President of VideoLAN and involved in VLC and FFmpeg, since both projects would have been threatened by previous drafts)

2. ahuber+sa 2023-12-30 21:30:45
>>jbk+F9
So you might be able to turn this to your advantage. The zillion people embedding your great work will be on the hook if it turns out they haven't performed sufficient due diligence on ffmpeg. And who knows, you might get them to sponsor you to get security audits or documentation done. Could be their "ticket out of jail" one day!