this whole conflict wherein multinational corporations demand unpaid labor from hobbyists is only happening because the free software movement has built stuff that capital is not capable of building for itself

just so we're clear

like, there have been plenty of proprietary Unix systems but please notice how it was always the community around them that built out the ecosystem into something pleasant to use

if this whole financial risk-assessment thing were truly the highest goal to the companies demanding we all do their security work for them, the clear choice would be to not leverage free software or open source at all, right?

but that's not an option companies consider, because it would cost more

@ireneista the fundamental problem with the theory that open source can be sponsored well by corporations is the fact that fundamentally the incentives are driven by private equity and an unhealthy disregard for any investment in meaningful security/privacy/system integrity. Rationally it would make sense, but we’re in a system driven by greed.

@tariq @ireneista

This is precisely what regulations like the CRA are designed to address. You can incorporate any F/OSS code you want into your project, but you are liable for security flaws (with some wooly definitions and a recognition that the industry is in such a poor state that everything is insecure, it just has to not be stupidly insecure). That is intended to give an incentive for people to invest in security aspects of F/OSS projects.

@david_chisnall @tariq yeah that one's at the front of the queue of laws we need to read the full text of.... sigh. having informed opinions is hard work :/