João Costa
@JD557@blog.joaocosta.eu
Follow
Portuguese software engineer at Kevel.
My instance is running on a small server so please #nobot
- GitHub
- Itch.io
"Better late than never", a we could say. But isn't too late?
Managers have been informed more than 25 years ago...
@EUCommission FOSS has been too much of a success for the EU's comfort. "High quality software, being produced outside of capitalism and government regulations? Quick, regulate it before the plebs realise we're a parasitic superstructure!"
@EUCommission About also "freedom" (FSFE dot org / @fsfe) https://en.wikipedia.org/wiki/Free_Software_Foundation_Europe
@EUCommission
C'est bien. Mais que faites-vous à propos des outils de paiement? Nous attendons d'urgence un équivalent EU à Mastercard, Visa, Paypal, etc
@EUCommission EU: They mean well, but they always make a mess of things.
@EUCommission
Thank you for posting on the Fediverse!
"Europe champions digital freedom and its open source community"
Yeah, meanwhile, support the US Tech-Nazis, follow us on their platforms and add to their wealth. Heil Edolf Muskler.
@EUCommission „Be open. Be bold. Be a circle of stars?“ 🤔
@EUCommission If you *really* care about open source, please end Google's use of remote attestation (through Play Integrity) to push open source competitors out of the market.
I can understand that banks and governments want remote attestation, but it should be open to all players, not Google, nor a company cartel.
☮ ⏚🔻And what about #ChatControl 1.0 ?
You’re not completely making fun of us, are you?
@EUCommission Awesome, I really like this.
Lets now repel the mess Digital Omnibus enables with the simplification of GDPR and think of more meaningful way.
(Or if we want to simplify regulations, lets first start with the regulatory mess regarding agriculture)
@EUCommission Frontex muss FOSS nutzen dann wäre alles gut und schön und toll auch
@EUCommission Curious if anyone reading this knows, but is the problem of the original version of this program where it made any volunteer project into an unsustainable red tape hell business project now resolved?
@thibaultmol @EUCommission
"This is why only free and open-source software that is made available on the market, and therefore supplied for distribution or use in the course of a commercial activity, falls in scope of the Cyber Resilience Act."
Second paragraph of the link.europa.eu/Jc7hBy .
In short, if any FOSS app isn't offer commercialy, sold, etc. it shouldn't be fined.
@The_Universality@mastodon.novotnykrystof.com @thibaultmol@en.osm.town @EUCommission@ec.social-network.europa.eu
But isn't that contradicted by the next paragraph?
Furthermore, recognising the importance for cybersecurity of many products with digital elements qualifying as free and open-source software that are published, but not made available on the market within the meaning of the CRA, the novel legal category of open-source software stewards is introduced. These are legal persons who provide support on a sustained basis for the development of such products which are intended for commercial activities, and who play a main role in ensuring their viability, and are subject to a light-touch and tailor-made regulatory regime.
So if you have a big non-commercial project (I assume something like curl), you might still fall under the CRA, it's just that you won't be fined.
@JD557 @thibaultmol @EUCommission Yes, you are correct.
I just badly phrased my reply, let me fix that.
@thibaultmol@en.osm.town @EUCommission@ec.social-network.europa.eu also curious about this... From the announcement, I see:
[...] free and open-source software that are published, but not made available on the market [...], the novel legal category of open-source software stewards is introduced. These are legal persons who provide support on a sustained basis for the development of such products [...], and are subject to a light-touch and tailor-made regulatory regime.
So, I believe that if a volunteer project is big enough, the maintainers become "open-source stewards"
Open-source software stewards are subject to the obligations laid down in Article 24, notably [list of obligations]
And it appears that there are some obligations for volunteers... BUT:
In accordance with Article 64(10), open-source software stewards are not subject to administrative fines for infringements of the CRA.
So... Volunteers have obligations, but there are no consequences?
Not sure what to take of this, but I hope the EU doesn't punish volunteers just because their projects became too successful.
@JD557 @thibaultmol @EUCommission
this
"[...] provide support on a sustained basis for the development [...]"
almost makes it sound like these stewards would be dedicated people who'd interface between the regulatory regime (and it's security requirements) and the maintainers, like some sort of dedicated "office for supporting important projects", but that seems too good to be true
Europe champions digital freedom and its open source community.
We have introduced a tailored approach to boost open source development across EU countries and ensure it is safe from cyber threats.
We only apply security rules to software used in commercial activities.
We are also creating open source software stewards to support security with a light-touch regime and no administrative fines.
Find out more 👇
https://link.europa.eu/Jc7hBy