We're concerned that language in the proposed European Cyber Resilience Act may cause problems for public open source repositories like the ones we host. Please read and share: https://pyfound.blogspot.com/2023/04/the-eus-proposed-cra-law-may-have.html
The EU's Proposed CRA Law May Have Unintended Consequences for the Python Ecosystem

Python Software Foundation Blog

@ThePSF

> If the proposed law is enforced as currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else’s commercial product. The existing language makes no differentiation between independent authors who have never been paid for the supply of software and corporate tech behemoths selling products in exchange for payments from end-users.

Okay, this sounds pretty bad for the FOSS community! 😨

@futureisfoss @ThePSF
Was thinking: IF this gets proper attention (open source repository hosters without a formal relationship with a vendor using it don't get legal liability) ...

It works the other way around also?

If a vendor doesn't want the liability risk, it just needs to support OSS development and use that instead of proprietary software to avoid it ...

Think I could live with that.
@me @ThePSF
I think the important factor to look for is whether the said entity is making profit out of the software or not, and it's also important to check if it's directly working to produce the end product that violates users or if it's just a small software tool used for many things by many people.
@futureisfoss @ThePSF
Agree!

But we have to put proper AND & OR logic to this reasoning with concrete metrics or criteria attached to make it work.

Something the blog article lacks at this stage.