
Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"



On 15/11/23 at 14:13 +0000, Luca Boccassi wrote:
> On Wed, 15 Nov 2023 at 13:53, Lucas Nussbaum <lucas@debian.org> wrote:
> >
> > On 15/11/23 at 11:38 +0000, Luca Boccassi wrote:
> > > On Wed, 15 Nov 2023 at 06:23, Lucas Nussbaum <lucas@debian.org> wrote:
> > > >
> > > > On 15/11/23 at 00:49 +0000, Luca Boccassi wrote:
> > > > > What do you think? Here's what I came up with:
> > > >
> > > > Hi,
> > > >
> > > > FWIW, I would likely second something along those lines. Some comments:
> > > >
> > > > >     The Debian project however notes that not enough emphasis has been
> > > > >     employed in all parts of these regulations to clearly exonerate Free
> > > > >     and Open Source Software Projects from being subject to the same
> > > > >     liabilities as commercial products
> > > >
> > > > I find this part a bit ambiguous. When GitLab or Proxmox or RedHat sells
> > > > services around a free software product, I think it's OK if they are
> > > > covered by this regulation. Maybe it would be better with
> > > > s/Projects/Organizations/?
> > > >
> > > > Maybe we should underline specific borderline situations where the
> > > > impact of the regulation would be unclear?
> > >
> > > I think the two paragraphs are clearer than that already when taken
> > > together, especially the last bit which essentially boils down to "let
> > > us continue to do what we are doing and go after vendors instead
> > > kkthxbye", but what about this rewording:
> > >
> > > The Debian project however notes that not enough emphasis has been
> > > employed in all parts of these regulations to clearly exonerate Free
> > > and Open Source Software developers and maintainers from being subject
> > > to the same liabilities as commercial vendors, which has caused
> > > uncertainty and worry among such stakeholders.
> > >
> > > Therefore, the Debian project asks the legislators to enhance the
> > > text of these regulations to clarify beyond any reasonable doubt that
> > > Free and Open Source Software developers and contributors are not going
> > > to be treated as commercial vendors in the exercise of their duties when
> > > merely developing and publishing Free and Open Source Software, with
> > > special emphasis on clarifying grey areas, such as donations,
> > > contributions from commercial companies and developing Free and Open
> > > Source Software that may be later commercialised by a
> > > commercial vendor. It is fundamental for the interests of the
> > > European Union itself that Free and Open Source Software development
> > > can continue to thrive and produce high quality software components,
> > > applications and operating systems, and this can only happen if Free
> > > and Open Source Software developers and contributors can continue to
> > > work on these projects as they have been doing before these new
> > > regulations, without being encumbered by legal requirements that are
> > > only appropriate for commercial companies and enterprises.
> >
> > This looks better, thanks!
> >
> > I wonder if we should have something like "Free software development by
> > nonprofit organizations" somewhere. I agree that there are many situations
> > where development happens outside of the context of an NPO, and where
> > this regulation should not apply. But it might be easier for Debian to
> > focus on its own context.
> 
> How about:
> 
> ...if Free and Open Source Software developers and contributors can continue to
> work on these projects as they have been doing before these new
> regulations, especially but not exclusively in the context of
> nonprofit organizations,
> without being encumbered by legal requirements that are only appropriate for
> commercial companies and enterprises.

Great, thanks!

Lucas

