[opensource-wg] concern re: Cyber Resilience Act effects on open source?

hi Michele,

Thanks for taking the time to respond, I really appreciate that.

On 28/11/2022 18:09, Michele Neylon - Blacknight wrote:
> Maybe I’m missing something, but the draft language **excludes** open 
> source software [..]

"Yes*, but with a /very big asterisk/" (quoting from [1])

I am really thankful that an exception, even a limited one, made it at all.

And at the same time, this may draw our attention away from the facts 
that the current proposal:

   1. misses an opportunity to actually support the open source work our 
society depends on (in any way: acknowledgement, incentives to 
contribute, financial, liability, ..)
   2. creates a new barrier to people or projects that move from 100% 
volunteer-effort to having some income by introducing compliance work 
that may be hard to be met by small or cash-strapped developers.

I'm curious about your thoughts on the concept of "commercial activity" 
as it applies to software you write or use. I hope my writing on its 
role in the CRA is of any help.

kind regards, Maarten

[1] 
https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/#but-wait-isnt-there-an-exception-for-open-source

-- 
Maarten Aertsen
   senior internet technologist, NLnet Labs