How to Fund FOSS, Save It from the CRA, and Improve Cybersecurity (gavinhoward.com)
20 points by nomdep on April 29, 2024 | 11 comments


Shining city of open source, I have to laugh. You provided code, that is in a central place called Github (with an octopus-cat mascot...), that is now used to train LLM models, that will unemploy a lot of developers. It is and was a trojan from the get go. That is your shiny city of open source. Oh, and unless you are a very known entity in the space, you won't get any money for your work. This is the biggest farce ever concocted. Just let FOSS turn into POSS, Paid Open Source Software. It won't happen.

Anyways. I don't really understand what the author is talking here. Seems like he is in a very deep forest. Since the fines start from 5 million eur... The CRA is not about FOSS developers, it's mostly about companies who create devices that we use in our everyday lives.

Apple phones do not auto install updates, now they will. Intel will think twice before implementing some untested shit. Companies will react swiftly when something goes sideways inside their product. If you enter the router market you have to provide security updates for a loooong time, and make sure the default password is not "" or admin...

Everyone, literally everyone shat on security, until now.


> I don't really understand what the author is talking here. Seems like he is in a very deep forest. Since the fines start from 5 million eur... The CRA is not about FOSS developers

But the author’s point is that the law, as written, would apply to open source as well. It would create liability for open source contributors even if they have no business relationship to those using this software. That seems bad and it seems like it would greatly benefit deeply pocketed private software companies.


Yeah, but it won't.


Could you explain why? Are they reading the law incorrectly? Or are you just speculating that in practice it won’t be enforced against open source software even though the law would allow that enforcement?


Pretty sure they're just "sure" nothing bad will happen. I mean, if they're wrong what will happen to them? Nothing. Might as well say random bullshit.


The issue about professional Engineering is kind of ironic, but that is what plenty of countries already do, one doesn't go around calling themselves engineers, unless they actually have at least an Engineering degree from a university certified by the Engineering Order of the country.

Usually what is kind of a gray zone is signing delivery contracts as engineer, without having taken the Order admission exam, after finishing the degree.


This is a weird source given it's outdated (final draft wasn't ... final) and (given his special religious belief, the American name and he works for an American company) he is American I wouldn't trust it.

Bert Hubert has a summary for people who are interested https://berthub.eu/articles/posts/eu-cra-what-does-it-mean-f...


"So what if I told you there is a solution that would not only save Open Source, but fund it and improve cybersecurity? Would you believe me?

If you don’t, well, you can quit reading now and pretend ignorance. And don’t let the boot hit you on the way out.

But if you are at least curious, you probably think there is a catch.

I won’t bury it; the catch is this: we must own the responsibility society is trying to give us and act like it!"

The German government does actually with the Sovereign fund but I think the market based CRA solution is better.


> This is a weird source given ... his special religious belief ... I wouldn't trust it.

He's LDS.

What problem do you have with the LDS?

How does it affect the hiring, promotion, or retention in your company?


My sentence actually was written I would not trust an American CS to give law advice on European law.


Hooray for the CRA!



