New post! The EU Cyber Resilience Act is now (almost) final, but what does it ACTUALLY mean for open source? It is mostly good news, and there are real opportunities to use the #CRA to our advantage: https://berthub.eu/articles/posts/eu-cra-what-does-it-mean-for-open-source/
EU CRA: What does it mean for open source? - Bert Hubert's writings

The final compromise text of the EU Cyber Resilience Act is now officially available, and various open source voices are currently opining on it. This is a complex act and other parts of the open source world (like the Eclipse Foundation and NLNet Labs) have been hard at work to advocate with the EU and member states to get a CRA that is good for open source. I’ve also been highly critical.


@bert_hubert no, it's still shit ex 10c "under their responsibility." Well, I wrote the MR under a CLA that warrants its suitability and includes test cases. Seems I'd be responsible, no?

@revk @neil

@falken @revk @neil if you sign pieces of paper saying you are responsible, you might perhaps end up being responsible? This does not seem to be a CRA problem.
@bert_hubert @revk @neil sure it is if individuals who can't afford a lawsuit from $corp (merited or not, malicious or not) are exposed while their own employees are shielded behind lawyers with infinite pockets
@bert_hubert @revk @neil unless effectively banning individual contributions, with or without CLA, is acceptable?
@falken @bert_hubert @revk @neil the actual CRA reports that just contributing doesn't make you liable... If there's a CLA, it depends on what it entails, but I would expect CLAs to be rewritten with the CRA in mind now.