We're concerned that language in the proposed European Cyber Resilience Act may cause problems for public open source repositories like the ones we host. Please read and share: https://pyfound.blogspot.com/2023/04/the-eus-proposed-cra-law-may-have.html
The EU's Proposed CRA Law May Have Unintended Consequences for the Python Ecosystem

Python Software Foundation Blog

@ThePSF

> If the proposed law is enforced as currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else’s commercial product. The existing language makes no differentiation between independent authors who have never been paid for the supply of software and corporate tech behemoths selling products in exchange for payments from end-users.

Okay, this sounds pretty bad for the FOSS community! 😨

@futureisfoss @ThePSF
And "Follow the Money" instead of "Follow the Code" isn't an unknown tactic, frequently applied in other fields also, like the war on drugs.
@futureisfoss @ThePSF
Was thinking IF this gets proper attention (open source repository hosters without a formal relationship with a vendor using it don't get legal liability) ...

It works the other way around also?

If a vendor doesn't want the liability risk, it just needs to support OSS development and use that instead of proprietary software to avoid it ...

Think I could live with that.
@me @ThePSF
I think the important factor to look for is if the said entity is making profit out of the software or not, and it's also important to check if it's directly working to produce the end product that violates users or if it's just a small software tool used for many things by many people.
@futureisfoss @ThePSF
Agree!

But we have to put proper AND & OR logic to this reasoning with concrete metrics or criteria attached to make it work.

Something the blog article lacks in this stage.
@futureisfoss @me @ThePSF

In the case of Python, it's not a commercialized product that users have to buy, instead they make everything freely available for everyone to use without any paywall or price tag attached. Now even if the PSF is making money some other way (like via donations) it still won't change the fact that: a) the software they develop is noncommercial. And b) Python is just a common tool used by many people to develop countless other things, it'd be like suing a blacksmith for the murder someone else committed using a knife he made.
This should be translated into all necessary European languages and then passed on to respective groups - otherwise major parts of South and East will not get to have this on their radar.

@ThePSF
I think this might really benefit from a one paragraph summary that is more concrete at the same time.

"The new ... Act might put ... At risk of ... Due to this wording: <quote>.

Let's <actionable action> today!"