this post was submitted on 19 Jul 2023
431 points (100.0% liked)

Memes

1357 readers
4 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] argv_minus_one 2 points 1 year ago* (last edited 1 year ago)

According to this site they claim that “The Cyber Resilience Act should only apply to free open-source software that is developed or supplied in the course of commercial activity.”

Almost all FOSS development happens as part of a commercial activity.

The most obvious example is of course corporate sponsorship of FOSS projects, but even things like pull requests submitted to FOSS libraries by corporate employees qualify as “develop[ment] in the course of commercial activity”.

Linux is really the big thing I see it applying to and Linux is very Cyber secure, so I don’t really see issues there.

Linux does not and cannot comply with the demands of the Cyber Resilience Act. For example, the Act demands automatic update installation, which within a kernel is infeasible and unsafe. Linux will be illegal in the EU.

Furthermore, no company in its right mind is going to sponsor, or allow its employees to contribute to, any FOSS project if doing so creates the risk of fines. All corporate sponsorship of and contribution to FOSS projects—which, once again, is responsible for almost all FOSS development—will completely and instantly disappear in the EU, severely damaging the worldwide FOSS movement.

Needless to say, this proposal is catastrophically bad.