Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"

To: debian-vote@lists.debian.org
Subject: Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
From: Ilulu <ilulu@gmx.net>
Date: Sun, 12 Nov 2023 19:11:03 +0100
Message-id: <[🔎] 7393b297-e6e6-4f55-af21-1c89c7f5c628@gmx.net>
In-reply-to: <[🔎] CAMw=ZnSZh_2hSsG-jdRUZAh0bj3D5hEBDnO6VcJxAmTKJL_G_g@mail.gmail.com>
References: <[🔎] ZVDq3YQIgK4nmPTB@novelo> <[🔎] CAMw=ZnQR3ShnuoE8Vx8X9ZoESSUH4Ywgw4nzNK9g1dmb=NaWFA@mail.gmail.com> <[🔎] 353de0b1-dc80-4100-a4ab-1c95e772b51a@gmx.net> <[🔎] CA+QPbz06B226F+V1reT=ya4pEntsvuxwkL7q86q0O+6Jxou_Ew@mail.gmail.com> <[🔎] CAMw=ZnSZh_2hSsG-jdRUZAh0bj3D5hEBDnO6VcJxAmTKJL_G_g@mail.gmail.com>



Am 12.11.23 um 19:01 schrieb Luca Boccassi:

Yes - if it's "made available on the market", which is in the first
bit that was snipped. Pushing a repository on Gitlab is not "making
available on the market".


You are wrong. It is. That's why the proposal has:

"(10d) The sole act of hosting free and open-source software on open
repositories does not in itself constitute making available on the
market of a product with digital elements. As such, most package
managers, code hosting and collaboration platforms should not be
considered as distributors under the meaning of this Regulation."

... which means that GITHUB is not responsible for the repo you pushed.

But you are. You are the manufacturer of that software product, you make
it available, and whether this is "on the market" = commercial depends
on a lot of things: how many donations you get and from whom, who your
employer is, or who else is working on that repo ... and so on,
depending on how the wording of CRA-Recital 10 will turn out in the end.
You better ask your lawyer.

Reply to:

Follow-Ups:
- Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
  - From: Luca Boccassi <bluca@debian.org>

References:
- Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>
- Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
  - From: Luca Boccassi <bluca@debian.org>
- Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
  - From: Ilulu <ilulu@gmx.net>
- Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
  - From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
- Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
  - From: Luca Boccassi <bluca@debian.org>

Prev by Date: Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
Next by Date: Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
Previous by thread: Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
Next by thread: Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"
Index(es):
- Date
- Thread