--

Mr Michele Neylon

Blacknight Solutions

Hosting, Colocation & Domains

https://www.blacknight.com/

https://blacknight.blog/

Intl. +353 (0) 59  9183072

Direct Dial: +353 (0)59 9183090

Personal blog: https://michele.blog/

Some thoughts: https://ceo.hosting/

-------------------------------

Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty

Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

From: Maarten Aertsen <maarten@nlnetlabs.nl>
Date: Tuesday, 29 November 2022 at 11:30
To: Michele Neylon - Blacknight <michele@blacknight.com>, opensource-wg@ripe.net <opensource-wg@ripe.net>
Subject: Re: [opensource-wg] concern re: Cyber Resilience Act effects on open source?

[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.

hi Michele,

Thanks for taking the time to respond, I really appreciate that.

On 28/11/2022 18:09, Michele Neylon - Blacknight wrote:
> Maybe I’m missing something, but the draft language **excludes** open
> source software [..]

"Yes*, but with a /very big asterisk/" (quoting from [1])

I am really thankful that an exception, even a limited one, made it at all.

And at the same time, this may draw our attention away from the facts
that the current proposal:

   1. misses an opportunity to actually support the open source work our
society depends on (in any way: acknowledgement, incentives to
contribute, financial, liability, ..)
   2. creates a new barrier to people or projects that move from 100%
volunteer-effort to having some income by introducing compliance work
that may be hard to be met by small or cash-strapped developers.

I'm curious about your thoughts on the concept of "commercial activity"
as it applies to software you write or use. I hope my writing on its
role in the CRA is of any help.

kind regards, Maarten

[1]
https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/#but-wait-isnt-there-an-exception-for-open-source

--
Maarten Aertsen
   senior internet technologist, NLnet Labs