[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"

On Wed, 15 Nov 2023 at 13:53, Lucas Nussbaum <lucas@debian.org> wrote:
>
> On 15/11/23 at 11:38 +0000, Luca Boccassi wrote:
> > On Wed, 15 Nov 2023 at 06:23, Lucas Nussbaum <lucas@debian.org> wrote:
> > >
> > > On 15/11/23 at 00:49 +0000, Luca Boccassi wrote:
> > > > What do you think? Here's what I came up with:
> > >
> > > Hi,
> > >
> > > FWIW, I would likely second something along those lines. Some comments:
> > >
> > > >     The Debian project however notes that not enough emphasis has been
> > > >     employed in all parts of these regulations to clearly exonerate Free
> > > >     and Open Source Software Projects from being subject to the same
> > > >     liabilities as commercial products
> > >
> > > I find this part a bit ambiguous. When GitLab or Proxmox or RedHat sells
> > > services around a free software product, I think it's OK if they are
> > > covered by this regulation. Maybe it would be better with
> > > s/Projects/Organizations/?
> > >
> > > Maybe we should underline specific borderline situations where the
> > > impact of the regulation would be unclear?
> >
> > I think the two paragraphs are clearer than that already when taken
> > together, especially the last bit which essentially boils down to "let
> > us continue to do what we are doing and go after vendors instead
> > kkthxbye", but what about this rewording:
> >
> > The Debian project however notes that not enough emphasis has been
> > employed in all parts of these regulations to clearly exonerate Free
> > and Open Source Software developers and maintainers from being subject
> > to the same liabilities as commercial vendors, which has caused
> > uncertainty and worry among such stakeholders.
> >
> > Therefore, the Debian project asks the legislators to enhance the
> > text of these regulations to clarify beyond any reasonable doubt that
> > Free and Open Source Software developers and contributors are not going
> > to be treated as commercial vendors in the exercise of their duties when
> > merely developing and publishing Free and Open Source Software, with
> > special emphasis on clarifying grey areas, such as donations,
> > contributions from commercial companies and developing Free and Open
> > Source Software that may be later commercialised by a
> > commercial vendor. It is fundamental for the interests of the
> > European Union itself that Free and Open Source Software development
> > can continue to thrive and produce high quality software components,
> > applications and operating systems, and this can only happen if Free
> > and Open Source Software developers and contributors can continue to
> > work on these projects as they have been doing before these new
> > regulations, without being encumbered by legal requirements that are
> > only appropriate for commercial companies and enterprises.
>
> This looks better, thanks!
>
> I wonder if we should have something like "Free software development by
> nonprofit organizations" somewhere. I agree that are many situations
> where development happens outside of the context of an NPO, and where
> this regulation should not apply. But it might be easier for Debian to
> focus on its own context.

How about:

...if Free and Open Source Software developers and contributors can continue to
work on these projects as they have been doing before these new
regulations, especially but not exclusively in the context of
nonprofit organizations,
without being encumbered by legal requirements that are only appropriate for
commercial companies and enterprises.
Reply to: