+1 to this. Although I don't understand too much of the legal stuff, my concern is mostly with: "can I be held liable for something I wrote in my spare time for fun?" I am currently feeling like I am bitten twice by the same snake: I (as the owner of a piece of software) can be held liable if that piece of software gets used in someone else's business product, and because I use a lot of AI, I am also responsible if that AI model is used by that piece of software decides to go haywire. Do I really need to get a signature of conformity if I want to build SkyNet? Meanwhile, I have toys "made in China" with CE markings that simply lack the most basic security features, and they ask me to pay for an audit... Jokes aside, does this mean that Linux now needs a CE label? If so, what if they simply say "no" and block access to the EU? Think of the implications when that would happen... Julius Op ma 28 nov. 2022 15:59 schreef Maarten Aertsen <maarten@nlnetlabs.nl>:
good afternoon list,
I would like to understand the number of people/organisations on this list who are concerned about the European Commission's Cyber Resilience Act proposal effects on open source software development.
This topic was presented at RIPE85 [1] and covered in a recent blog (see below, should have cross-posted), which was republished at RIPE Labs last week:
https://labs.ripe.net/author/maarten-aertsen/open-source-software-vs-the-pro...
You would help both me and RIPE NCC staff that are tracking the proposal by speaking up on list. Answers by both developers and users are valuable.
A simple +1 is fine. Thanks.
kind regards, Maarten
-------- Forwarded Message -------- Subject: Re: [cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg Date: Mon, 14 Nov 2022 09:38:00 +0100 From: Maarten Aertsen <maarten@nlnetlabs.nl> To: cooperation-wg@ripe.net
Good morning,
I just published an extended, written version of my RIPE talk in the open-source wg [1] with NLnet Labs' perspective on the European Commission's proposal for a Cyber Resilience Act vs. Open Source:
https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/
We feel the current proposal misses a major opportunity. The CRA could bring support to open-source developers maintaining the critical foundations of our digital society. But instead of introducing incentives for integrators or financial support, the current proposal will overload small developers with compliance work.
At the same time, this is only the Commission's proposal. I hope there is opportunity to raise awareness and influence the coming positions and negotations.
I'm very grateful to the many people in the RIPE community that talked to me after my presentation. I feel my understanding of the issue is improving. Curious to hear what you think, how you feel this affects the projects you rely on and what we have yet to learn about the implications.
kind regards, Maarten
[1] https://ripe85.ripe.net/archives/video/911
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/cooperation-wg
_______________________________________________ opensource-wg mailing list opensource-wg@ripe.net https://lists.ripe.net/mailman/listinfo/opensource-wg
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/opensource-wg