[opensource-wg] concern re: Cyber Resilience Act effects on open source?

good afternoon list, · Mon Nov 28 17:59:53 CET 2022

+1 to this.

Although I don't understand too much of the legal stuff, my concern is
mostly with: "can I be held liable for something I wrote in my spare time
for fun?"

I am currently feeling like I am bitten twice by the same snake: I (as the
owner of a piece of software) can be held liable if that piece of software
gets used in someone else's business product, and because I use a lot of
AI, I am also responsible if that AI model is used by that piece of
software decides to go haywire. Do I really need to get a signature of
conformity if I want to build SkyNet? Meanwhile, I have toys "made in
China" with CE markings that simply lack the most basic security features,
and they ask me to pay for an audit...

Jokes aside, does this mean that Linux now needs a CE label? If so, what if
they simply say "no" and block access to the EU? Think of the implications
when that would happen...

Julius

Op ma 28 nov. 2022 15:59 schreef Maarten Aertsen <maarten at nlnetlabs.nl>:

> good afternoon list,
>
> I would like to understand the number of people/organisations on this
> list who are concerned about the European Commission's Cyber Resilience
> Act proposal effects on open source software development.
>
> This topic was presented at RIPE85 [1] and covered in a recent blog (see
> below, should have cross-posted), which was republished at RIPE Labs
> last week:
>
>
> https://labs.ripe.net/author/maarten-aertsen/open-source-software-vs-the-proposed-cyber-resilience-act/
>
> You would help both me and RIPE NCC staff that are tracking the proposal
> by speaking up on list. Answers by both developers and users are valuable.
>
> A simple +1 is fine. Thanks.
>
> kind regards, Maarten
>
>
> -------- Forwarded Message --------
> Subject: Re: [cooperation-wg] Cyber Resilience Act effects on OSS on
> agenda of open source-wg
> Date: Mon, 14 Nov 2022 09:38:00 +0100
> From: Maarten Aertsen <maarten at nlnetlabs.nl>
> To: cooperation-wg at ripe.net
>
> Good morning,
>
> I just published an extended, written version of my RIPE talk in the
> open-source wg [1] with NLnet Labs' perspective on the European
> Commission's proposal for a Cyber Resilience Act vs. Open Source:
>
> https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/
>
> We feel the current proposal misses a major opportunity. The CRA could
> bring support to open-source developers maintaining the critical
> foundations of our digital society. But instead of introducing
> incentives for integrators or financial support, the current proposal
> will overload small developers with compliance work.
>
> At the same time, this is only the Commission's proposal. I hope there
> is opportunity to raise awareness and influence the coming positions and
> negotations.
>
> I'm very grateful to the many people in the RIPE community that talked
> to me after my presentation. I feel my understanding of the issue is
> improving. Curious to hear what you think, how you feel this affects the
> projects you rely on and what we have yet to learn about the implications.
>
> kind regards, Maarten
>
> [1] https://ripe85.ripe.net/archives/video/911
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or
> change your subscription options, please visit:
> https://lists.ripe.net/mailman/listinfo/cooperation-wg
>
> _______________________________________________
> opensource-wg mailing list
> opensource-wg at ripe.net
> https://mailman.ripe.net/
>
> To unsubscribe from this mailing list, get a password reminder, or change
> your subscription options, please visit:
> https://mailman.ripe.net/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/opensource-wg/attachments/20221128/a20c83fa/attachment.html>