
Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"



Aigars Mahinovs wrote [Mon, Nov 13, 2023 at 02:46:06PM +0100]:
> By now the EU is actually quite used to dealing with volunteer
> projects and open source projects in general. So they would not be
> surprised in the slightest. And I do not believe it would tarnish
> the image of Debian.
> 
> A lot of the same comments *were* communicated to EU Commission and
> EU Parliament by IT industry associations, which employ lawyers that
> track such things and analyse possible impacts, including towards
> open source software, because that is a solid backbone of the modern
> digital economy (their words, not mine). And there were indeed many
> bugs in earlier revisions of these texts that would have made a bad
> impact if implemented as written.
> 
> The EU listens *very* well to national IT associations of the member
> states for feedback on such matters and open source experts are very
> well represented in those. Opinions of IT people from outside of the
> EU are usually not considered to be relevant. As in not adding
> anything new that the EU experts have not already considered.
> 
> Volunteer open source projects are seen as ... not being able to
> invest sufficient legal understanding into the topics to be able to
> contribute to the discussion meaningfully *and* keep up with the
> nuanced changes in the proposals over time.
> 
> But umbrella organisations, like EFF are better positioned for this.
> See:
> https://www.eff.org/deeplinks/2023/10/eff-and-other-experts-join-pointing-out-pitfalls-proposed-eu-cyber-resilience-act
> Note how the open source language has become very much softened and
> nuanced after changes in the proposal removed most of the bugs that
> would have affected open source previously.

This is one of the reasons I really thank Ilu for bringing this to our
attention and thoroughly explaining some of the dangers. And for
explaining logic as seen from the "lawyer point of view": Even though
the legislation can be read as well thought-out and correctly
addressing our worries, some spikes and prongs come out of it from
which a hostile party could abuse it and _with a very low bar_ could
force Debian, or any individual developer working with Debian, or any
other free software project, or even a lonely free software developer
doing things for fun "the old-fashioned way" to face a legal process.

Legal processes are not met with easy, clear-cut, engineer-like logic,
as we are used to. Legal processes must include legal interpretation,
argumentations about intent and reach, harmonization with local and
supranational laws, and whatnot.

Ilu _is_ a lawyer, and very well aligned with Debian and with free
software in general. And I don't think I'm overstepping in Ilu's
closely guarded privacy (which is also a great thing), but I'm sure we
would all have a sure ally in here if we were to need a lawyer in
fighting such a demand. And you mention *great* organizations such as
the EFF. But were we to face a hostile threat, be it from individuals
or from companies... I fear it could mean a very considerable resource
drain and –as Scott K. made clear yesterday– can lead to an important
reduction in volunteer engagement, both in our project and in the free
software ecosystem.
