this post was submitted on 19 Jul 2023
890 points (98.2% liked)
Memes
45753 readers
1781 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Really? According to this site they claim that "The Cyber Resilience Act should only apply to free open-source software that is developed or supplied in the course of commercial activity." While that could be a broad scope, I don't think it applies to most FOSS. Linux is really the big thing I see it applying to and Linux is very Cyber secure, so I don't really see issues there.
Are there other parts of the law that ban FOSS? Or is that site too pro EU and glosses over the bad parts?
Almost all FOSS development happens as part of a commercial activity.
The most obvious example is of course corporate sponsorship of FOSS projects, but even things like pull requests submitted to FOSS libraries by corporate employees qualify as “develop[ment] in the course of commercial activity”.
Linux does not and cannot comply with the demands of the Cyber Resilience Act. For example, the Act demands automatic update installation, which within a kernel is infeasible and unsafe. Linux will be illegal in the EU.
Furthermore, no company in its right mind is going to sponsor, or allow its employees to contribute to, any FOSS project if doing so creates the risk of fines. All corporate sponsorship of and contribution to FOSS projects—which, once again, is responsible for almost all FOSS development—will completely and instantly disappear in the EU, severely damaging the worldwide FOSS movement.
Needless to say, this proposal is catastrophically bad.