The EU Cyber Resilience Act will effectively make open-source software illegal, and that sure as hell isn’t pro-consumer. Neither is all the spooky surveillance and crippled cryptography they keep trying to mandate.
Yeah, it’s always very two sided with the EU. On the one hand it brings forward a lot of progressive and positive change, on the other hand it’s used to “quietly” walk around the local political climate. Political actors push unpopular things on the EU level, but as soon as people catch wind of it, they market themselves as always having disagreed with them. They often keep pushing for it anyway, because people really don’t notice things on the EU level. Everybody only ever pays attention to the national sphere of politics.
In German politics it’s often the case that high-ranking national politicians that “fail” in the public eye are pushed higher up into the EU level. Take Ursula von der Leyen for example. Too many scandals in Germany, immediately pushed out of the way and now holds an important position in the EU.
Really? According to this site they claim that “The Cyber Resilience Act should only apply to free open-source software that is developed or supplied in the course of commercial activity.” While that could be a broad scope, I don’t think it applies to most FOSS. Linux is really the big thing I see it applying to and Linux is very Cyber secure, so I don’t really see issues there.
Are there other parts of the law that ban FOSS? Or is that site too pro EU and glosses over the bad parts?
According to this site they claim that “The Cyber Resilience Act should only apply to free open-source software that is developed or supplied in the course of commercial activity.”
Almost all FOSS development happens as part of a commercial activity.
The most obvious example is of course corporate sponsorship of FOSS projects, but even things like pull requests submitted to FOSS libraries by corporate employees qualify as “develop[ment] in the course of commercial activity”.
Linux is really the big thing I see it applying to and Linux is very Cyber secure, so I don’t really see issues there.
Linux does not and cannot comply with the demands of the Cyber Resilience Act. For example, the Act demands automatic update installation, which within a kernel is infeasible and unsafe. Linux will be illegal in the EU.
Furthermore, no company in its right mind is going to sponsor, or allow its employees to contribute to, any FOSS project if doing so creates the risk of fines. All corporate sponsorship of and contribution to FOSS projects—which, once again, is responsible for almost all FOSS development—will completely and instantly disappear in the EU, severely damaging the worldwide FOSS movement.
Needless to say, this proposal is catastrophically bad.
The EU Cyber Resilience Act will effectively make open-source software illegal, and that sure as hell isn’t pro-consumer. Neither is all the spooky surveillance and crippled cryptography they keep trying to mandate.
Yeah, it’s always very two sided with the EU. On the one hand it brings forward a lot of progressive and positive change, on the other hand it’s used to “quietly” walk around the local political climate. Political actors push unpopular things on the EU level, but as soon as people catch wind of it, they market themselves as always having disagreed with them. They often keep pushing for it anyway, because people really don’t notice things on the EU level. Everybody only ever pays attention to the national sphere of politics.
In German politics it’s often the case that high-ranking national politicians that “fail” in the public eye are pushed higher up into the EU level. Take Ursula von der Leyen for example. Too many scandals in Germany, immediately pushed out of the way and now holds an important position in the EU.
Really? According to this site they claim that “The Cyber Resilience Act should only apply to free open-source software that is developed or supplied in the course of commercial activity.” While that could be a broad scope, I don’t think it applies to most FOSS. Linux is really the big thing I see it applying to and Linux is very Cyber secure, so I don’t really see issues there.
Are there other parts of the law that ban FOSS? Or is that site too pro EU and glosses over the bad parts?
Almost all FOSS development happens as part of a commercial activity.
The most obvious example is of course corporate sponsorship of FOSS projects, but even things like pull requests submitted to FOSS libraries by corporate employees qualify as “develop[ment] in the course of commercial activity”.
Linux does not and cannot comply with the demands of the Cyber Resilience Act. For example, the Act demands automatic update installation, which within a kernel is infeasible and unsafe. Linux will be illegal in the EU.
Furthermore, no company in its right mind is going to sponsor, or allow its employees to contribute to, any FOSS project if doing so creates the risk of fines. All corporate sponsorship of and contribution to FOSS projects—which, once again, is responsible for almost all FOSS development—will completely and instantly disappear in the EU, severely damaging the worldwide FOSS movement.
Needless to say, this proposal is catastrophically bad.