Maarteen
I think the way they’ve framed commercial activity is problematic.
It’s also inconsistent with other EU legislation where they’ve specifically carved out smaller businesses, which they should be doing here as well.
TLDR – I’m not going to lose sleep if RedHat have to do something, but I really don’t want a small open source software company with a handful of staff to be forced to meet the same
criteria as a multi-billion dollar company.
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
From: Maarten Aertsen <maarten@nlnetlabs.nl>
Date: Tuesday, 29 November 2022 at 11:30
To: Michele Neylon - Blacknight <michele@blacknight.com>, opensource-wg@ripe.net <opensource-wg@ripe.net>
Subject: Re: [opensource-wg] concern re: Cyber Resilience Act effects on open source?
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.
hi Michele,
Thanks for taking the time to respond, I really appreciate that.
On 28/11/2022 18:09, Michele Neylon - Blacknight wrote:
> Maybe I’m missing something, but the draft language **excludes** open
> source software [..]
"Yes*, but with a /very big asterisk/" (quoting from [1])
I am really thankful that an exception, even a limited one, made it at all.
And at the same time, this may draw our attention away from the facts
that the current proposal:
1. misses an opportunity to actually support the open source work our
society depends on (in any way: acknowledgement, incentives to
contribute, financial, liability, ..)
2. creates a new barrier to people or projects that move from 100%
volunteer-effort to having some income by introducing compliance work
that may be hard to be met by small or cash-strapped developers.
I'm curious about your thoughts on the concept of "commercial activity"
as it applies to software you write or use. I hope my writing on its
role in the CRA is of any help.
kind regards, Maarten
[1]
https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/#but-wait-isnt-there-an-exception-for-open-source
--
Maarten Aertsen
senior internet technologist, NLnet Labs