+1 to this.

Although I don't understand too much of the legal stuff, my concern is mostly with: "can I be held liable for something I wrote in my spare time for fun?"

I am currently feeling like I am bitten twice by the same snake: I (as the owner of a piece of software) can be held liable if that piece of software gets used in someone else's business product, and because I use a lot of AI, I am also responsible if the AI model that is used by that piece of software decides to go haywire. Do I really need to get a signature of conformity if I want to build SkyNet? Meanwhile, I have toys "made in China" with CE markings that simply lack the most basic security features, and they ask me to pay for an audit...

Jokes aside, does this mean that Linux now needs a CE label? If so, what if they simply say "no" and block access to the EU? Think of the implications when that would happen...

Julius

On Mon 28 Nov 2022 at 15:59, Maarten Aertsen <maarten@nlnetlabs.nl> wrote:
good afternoon list,

I would like to understand the number of people/organisations on this
list who are concerned about the European Commission's Cyber Resilience
Act proposal effects on open source software development.

This topic was presented at RIPE85 [1] and covered in a recent blog (see
below, should have cross-posted), which was republished at RIPE Labs
last week:

https://labs.ripe.net/author/maarten-aertsen/open-source-software-vs-the-proposed-cyber-resilience-act/

You would help both me and RIPE NCC staff that are tracking the proposal
by speaking up on list. Answers by both developers and users are valuable.

A simple +1 is fine. Thanks.

kind regards, Maarten


-------- Forwarded Message --------
Subject: Re: [cooperation-wg] Cyber Resilience Act effects on OSS on
agenda of open source-wg
Date: Mon, 14 Nov 2022 09:38:00 +0100
From: Maarten Aertsen <maarten@nlnetlabs.nl>
To: cooperation-wg@ripe.net

Good morning,

I just published an extended, written version of my RIPE talk in the
open-source wg [1] with NLnet Labs' perspective on the European
Commission's proposal for a Cyber Resilience Act vs. Open Source:

https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/

We feel the current proposal misses a major opportunity. The CRA could
bring support to open-source developers maintaining the critical
foundations of our digital society. But instead of introducing
incentives for integrators or financial support, the current proposal
will overload small developers with compliance work.

At the same time, this is only the Commission's proposal. I hope there
is opportunity to raise awareness and influence the coming positions and
negotiations.

I'm very grateful to the many people in the RIPE community that talked
to me after my presentation. I feel my understanding of the issue is
improving. Curious to hear what you think, how you feel this affects the
projects you rely on and what we have yet to learn about the implications.

kind regards, Maarten

[1] https://ripe85.ripe.net/archives/video/911

--

To unsubscribe from this mailing list, get a password reminder, or
change your subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/cooperation-wg

_______________________________________________
opensource-wg mailing list
opensource-wg@ripe.net
https://lists.ripe.net/mailman/listinfo/opensource-wg
