this post was submitted on 15 Aug 2023
98 points (92.2% liked)

Open Source

31359 readers
162 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Since the EU is bringing an act , that needs the products distributed to be flawless , and it applies to open source products too , if a single of their contributor / donor works for a corporate , what will be the future of FOSS in europe with this ?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] jungekatz@lib.lgbt 9 points 1 year ago (1 children)

They consider foss products out of this requirement , only when the contributors are volunteers who are not working or are employed by a company !! Or get a corporate donation, if even one person contributing to the project is a corporate employee they need to go with the crazy rules they have laid !!

[โ€“] G020B@lemmy.zip 3 points 1 year ago

This is what Claude2 (with 100K context window) has to say about your comment, after I supplied him with the entire proposal of the regulation: Based on my understanding of the Cyber Resilience Act, I don't think that assessment is entirely accurate. The key factor is whether the open source software is placed on the market in the course of commercial activity, not the employment status of individual contributors.

The regulation explicitly excludes open source software developed or supplied outside of commercial activity. As I mentioned before, this means pure community-driven projects where the software is freely shared and open should not fall under the requirements.

It does not matter if some contributors are corporate employees, as long as they contribute to a non-commercial community project in their personal capacity. For example, if a developer who works for Company X contributes code to Project Y in their free time, that alone would not make Project Y commercial.

The regulation would likely apply if a company systematically develops open source software as part of their business model. But just having corporate contributors among many community members would not automatically trigger the rules.

Overall, I think the regulation aims to avoid putting burdens on pure community open source projects, as long as the software is not placed on the market commercially. But the details of implementation will be important to watch to ensure a proper balance is struck.