This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/cooperation-wg@ripe.net/
[cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
- Previous message (by thread): [cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
- Next message (by thread): [cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alessandro Vesely
vesely at tana.it
Fri Nov 11 11:29:38 CET 2022
On Thu 10/Nov/2022 19:41:21 +0100 Niall O'Reilly wrote: > On 31 Oct 2022, at 10:14, Alessandro Vesely wrote: > >> What software would you use, a fully certified, professional OS, or a run-at-your-risk >> product by hobbyists who are exempted from security regulations by a compassionate >> exception to the Cyber Resilience Act? > > I don't understand what the point of this (perhaps rhetorical) question is. > > In a former day-job, I've had to deal with a "professional" Linux distro, > whose provider was so risk-averse, and who operated such an ossified > acceptance process for integrating upstream FOSS packages, that the distro > was operationally unfit for purpose unless I chose to do without the > "protection" supposedly provided by the "professional" packaging. Yup, it may well be that the Cyber Resilience Act is going to result in a grossly scatterbrained attempt at imposing rules that nobody will follow. However, I fear the act can be orchestrated with big software producers in such a way that their products only will be able to advertise the certification. > I also know some hobbyists whom I would trust with my personal physical > safety, or even my life. Users at large, however, don't know how software is produced. Branding certification can have an impact on their decisions. A captivating campaign could reduce FOSS market share by a great deal. > The only thing one can be sure of with certification is that the holder > of a certificate managed to pass the test. For fairness, all software producers should have equal opportunities to have their software pass the test. Free software should be tested for free, regardless of what its authors do for a living. > https://dilbert.com/strip/2000-08-31 :-) Best Ale --
- Previous message (by thread): [cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
- Next message (by thread): [cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]