This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/cooperation-wg@ripe.net/
[cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
- Previous message (by thread): [cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
- Next message (by thread): [cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alessandro Vesely
vesely at tana.it
Mon Oct 31 11:14:29 CET 2022
Hi all, I just browsed the ISOC article linked below and it sounds wrong to me. While it is correct to note that "certification will not eradicate bugs even when a manufacturer is fully compliant", trying to exempt FOSS is not the right approach. What software would you use, a fully certified, professional OS, or a run-at-your-risk product by hobbyists who are exempted from security regulations by a compassionate exception to the Cyber Resilience Act? If the point is certification costs, I'd recommend that certification agencies be required to work for a percentage of the cover price of the product they're certifying, which is 0 for most FOSS packages. No exceptions. Best Ale On Tue 25/Oct/2022 10:53:39 +0200 Johan Helsingius wrote: > Hi Maarten, > > Thank you for the heads-up - it is definitely a proposal that > needs to be followed. > > Julf > > On 24-10-2022 14:58, Maarten Aertsen wrote: >> Dear cooperation working group, >> >> I'd like to call your attention to my talk on the draft agenda of the >> open source wg this Wednesday, because I believe it may be of interest to >> members of this group: >> >> On 10/10/2022 18:47, Marcos Sanz wrote: >>> Agenda RIPE 85 Open Source WG Session >>> Wednesday, October 26, 10:30 - 11:30 (CEST) >>> [..] >>> B. "Cyber Resilience Act effects on OSS", Maarten Aertsen, NLnet >>> Labs >>> >>> NLnet Labs is closely following a legislative proposal by the European >>> Commission affecting almost all hardware and software on the >>> European market. The Cyber Resilience Act intends to ensure cybersecurity of >>> products with digital elements by laying down requirements and obligation >>> for economic operators. >>> >>> In this short talk you'll learn what to expect in the Cyber Resilience Act >>> and why this proposal may matter to you as a developer >>> or user of open source software. If so, let's make sure that policy >>> makers take into account its effects on open source development by >>> professional organisations and volunteers alike. >>> >>> Do get in touch with Maarten when you have similar concerns, want to team up >>> or can help us to provide technical expertise in the right places. >> >> If you would like to read a little more on the topic, Olaf Kolkman has just >> published a blog post on the same topic at the Internet Society blog [1]. >> >> I'm new to this community: don't be shy and talk to me :-) >> >> kind regards, Maarten >> >> [1] >> https://www.internetsociety.org/blog/2022/10/the-eus-proposed-cyber-resilience-act-will-damage-the-open-source-ecosystem/ >> > >
- Previous message (by thread): [cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
- Next message (by thread): [cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]