This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[opensource-wg] concern re: Cyber Resilience Act effects on open source?
- Previous message (by thread): [opensource-wg] concern re: Cyber Resilience Act effects on open source?
- Next message (by thread): [opensource-wg] concern re: Cyber Resilience Act effects on open source?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Victoria Risk
vicky at isc.org
Tue Nov 29 14:40:54 CET 2022
> On Nov 29, 2022, at 6:56 AM, Michele Neylon - Blacknight via opensource-wg <opensource-wg at ripe.net> wrote: > > Maarteen > > I think the way they’ve framed commercial activity is problematic. > It’s also inconsistent with other EU legislation where they’ve specifically carved out smaller businesses, which they should be doing here as well. > TLDR – I’m not going to lose sleep if RedHat have to do something, but I really don’t want a small open source software company with a handful of staff to be forced to meet the same criteria as a multi-billion dollar company. Michele, Amen! This is exactly my concern. The CRA could have the effect of putting the small open source companies out of business in Europe. ISC, my employer, is ~35 people, so not *tiny*, but we would certainly struggle to meet all of the CRA requirements for our two major open source projects, BIND 9 and Kea DHCP. The impact would be to take resources away from other important work, such as fixing bugs, writing useful documentation, etc. We have been reporting vulnerabilities responsibly for years, signing our code, etc, so most of the provisions would not be new to us, but … Currently we do monthly development releases - would we have to go through some rigamarole for each release?? It would certainly be the end of monthly updates. Regards, Vicky Risk, isc.org > > Regards > > Michele > > > -- > Mr Michele Neylon > Blacknight Solutions > Hosting, Colocation & Domains > https://www.blacknight.com/ <https://www.blacknight.com/> > https://blacknight.blog/ <https://blacknight.blog/> > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Personal blog: https://michele.blog/ <https://michele.blog/> > Some thoughts: https://ceo.hosting/ <https://ceo.hosting/> > ------------------------------- > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty > Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/opensource-wg/attachments/20221129/a5995cb3/attachment-0001.html>
- Previous message (by thread): [opensource-wg] concern re: Cyber Resilience Act effects on open source?
- Next message (by thread): [opensource-wg] concern re: Cyber Resilience Act effects on open source?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]