
[return to "EU Cyber Resilience Act: What does it mean for open source?"]
1. greatg+2b[view] [source] 2023-12-30 21:34:43
>>ahuber+(OP)
This regulation is so shitty. I'm quite sure that it is supported by big actors in the end, because the end goal is to ensure to have a regulatory barrier that will avoid small actors to be able to strive in the software field.

Also, to avoid "dangerous" not yet professional amateurs having a chance against big editors.

◧◩
2. Larisc+4j[view] [source] 2023-12-30 22:28:16
>>greatg+2b
Unless you sell critical products as described in Annex III[1] the requirements to fulfill CRA are quite harmless. It's mostly stuff you should be doing anyway like a risk assessment and documentation. An additional requirement is to provide a conformity assessment, which you can do yourself for non-critical software, and you must report vulnerabilities within 24 hours.

Not too bad really.

[1] https://eur-lex.europa.eu/resource.html?uri=cellar:864f472b-...

◧◩◪
3. gustav+yr[view] [source] 2023-12-30 23:49:16
>>Larisc+4j
Ya so if some kid who's 16 is messing around on his computer figures out some cool app, starts publishing it, and then bam, the incumbents can smack him down.

The regulations are designed to deepen the software moat, and security theater, and I say this as an InfoSec professional.

◧◩◪◨
4. Larisc+5y[view] [source] 2023-12-31 01:01:20
>>gustav+yr
This is nonsense, because non-commercial activities are exempt from the CRA's requirements.
◧◩◪◨⬒
5. jart+eC[view] [source] 2023-12-31 02:01:18
>>Larisc+5y
Yes and regulation will ensure non-commercial activities stay that way. I write open source code because I love building software tools and there aren't a whole lot of opportunities to commercialize my work. I'd love it if an opportunity ever came along one day to get rich building a tool, that I could pounce on, in which case I'd love to know that I wouldn't immediately get jumped and mobbed by regulators.
◧◩◪◨⬒⬓
6. troupo+vc1[view] [source] 2023-12-31 11:39:20
>>jart+eC
"Yes, I would like to sell commercial software, but bear no responsibility for the software I'm selling".

If you cook for your friends, but then decide to open a commercial kitchen, do you think you will be exempt from food safety regulations?

◧◩◪◨⬒⬓⬔
7. jart+4o2[view] [source] 2023-12-31 22:05:45
>>troupo+vc1
I'm not exactly building bridges or x-ray machines, or putting food in anyone's mouth. Right now I'm building programs that generate text, and it isn't even real text like in a book that could potentially fall off a shelf and injure someone, we're talking about digital words on a computer that no one except nerds used to care about and anyone is still free to ignore, except normies won't if they see an opportunity to rentseek the harmless builders doing it.