7mo ago

What the EU’s new software legislation means for developers

github.blog

29 comments

What a terribly written article. I got half way through and just gave up.
- I saw it was from Microsoft and bailed before it even loaded... the only thing those clowns know about open source is how to try (and fail) to kill it
  
  Listen here Stallman, pedo associate Gates is my hero!
  Thank you github for not banning me ... hopefully not maybe ... yet
  That big bold Thank you didn't hurt one bit
  Try it on for a change!
  
  Going to come out swinging for MSFT
  github provides it's runners generously for free!
  They have not banned me, which is a charm point
  Gitlab, on the other hand! Going to whine about that forever
  Gitlab deletes your account suddenly without recourse or offers a means to communicate with them to resolve issues civilly.
- Oh shiat! You read it?? LOL
  Oh man i had to wipe away some tears
  Now i need to wash my face
I would really appreciate an ELI5, or some examples. For example, would lemmy be regulated by CRA? What about lemmy instances? Is there a difference if there is a fee or a recurrent donations?
- First: IANAL, EU law is complicated. This is my understanding as of now:
  TL;DR: The EU Cyber Resilience Act (CRA) aims to enhance cybersecurity standards for products with digital elements. It introduces mandatory requirements for manufacturers and retailers to ensure cybersecurity throughout a product's lifecycle. The CRA excludes open-source software developers unless their software is used commercially as part of a "product with digital elements".
  would lemmy be regulated by CRA?
  Lemmy, as an open-source project, would likely not be directly regulated by the CRA. The Act specifically excludes open-source developers from its scope unless their software is used commercially.
  Whaz about lemmy instances?
  Lemmy instances might be regulated by the CRA if they are operated commercially as part of a "product with digital Elements". (Is there a pay for access instance or hosting as a service for lemmy? I am not aware of one.) However, since most instances are run non-commercially or for personal use, they would likely fall outside the CRA's scope.
  Is there a difference if there is a fee or a recurrent donations?
  Yes:
  A fee is typically a mandatory payment for a service or product, e.g. a feature locked behind a paywall.
  A recurring donation is a voluntary, regular contribution to support an organization or cause, often without receiving goods or services in return.
  The key distinction lies in the obligation attached to the payment. Fees come with an expectation of receiving something in return, while donations are given freely without such expectations.
  
  so, if a company decides to, for example, start using some MIT licensed software, does that suddenly materialize extra responsibilities for that software's dev?
I'm so surprised to read a Microsoft article written by a former member of the European Parliament from the Pirate Party, even moreso as the president of the lobbying arm of Microsoft.
I was interested in knowing what are the duties of the software providers under the regulation, more than hiw they don't apply to hobbyists, I keep searching for other articles that explain it.
MSFT please send all that love and support by all the bitcoin you are not buying
thank you
-- package maintainers

29 comments