this post was submitted on 15 Aug 2023
98 points (92.2% liked)

Open Source

31197 readers
271 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
98
Will the cyber resilience act kill open source ? (en.m.wikipedia.org)
submitted 1 year ago by [email protected] to c/[email protected]
34 comments fedilink hide all child comments
 

Since the EU is bringing an act , that needs the products distributed to be flawless , and it applies to open source products too , if a single of their contributor / donor works for a corporate , what will be the future of FOSS in europe with this ?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 50 points 1 year ago (2 children)

For all the people not reading the actual law, this is the actual language of the proposal:

In order not to hamper innovation or research, free and open-source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation. This is in particular the case for software, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable. In the context of software, a commercial activity might be characterized not only by charging a price for a product, but also by charging a price for technical support services, by providing a software platform through which the manufacturer monetises other services, or by the use of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software.

IMO the problem OP mentions does not really exist. You can work for a corp while working on the product, your FOSS project can take donations even from corps, the only thing you can't do is monetize your FOSS product without caring for security.

[–] [email protected] 9 points 1 year ago (2 children)

Nick from The Linux Experiment youtube channel made a video recently talking about that, for him and for me it's clear that this quote:

software developed or supplied outside the course of a commercial activity should not be covered by this Regulation

means that any open source that gets any work from paid personnel from a company interested in the project in any commercial activity is covered by the regulation.

Here is the timestamp of his argument, I'm not from EU so I have no idea how this kind of idea could be implemented, but the text seems clear to me and seems bad.

If that is the case projects would be obligated to reject contributions from any companies.

[–] [email protected] 4 points 1 year ago

Here is an alternative Piped link(s): https://piped.video/QK0rmOuzSVM?t=87

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[–] [email protected] 1 points 1 year ago

The law also keeps it vague enough , that it says employed individual , so they could be waiting tables and this will still apply !!

[–] [email protected] 1 points 1 year ago (1 children)

Please add a link to the source in your comment

[–] [email protected] 4 points 1 year ago

This is the actual proposal, it's available in all EU official languages on the EU's website. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52022PC0454