
Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"



On Wed, 15 Nov 2023 at 06:23, Lucas Nussbaum <lucas@debian.org> wrote:
>
> On 15/11/23 at 00:49 +0000, Luca Boccassi wrote:
> > What do you think? Here's what I came up with:
>
> Hi,
>
> FWIW, I would likely second something along those lines. Some comments:
>
> >     The Debian project however notes that not enough emphasis has been
> >     employed in all parts of these regulations to clearly exonerate Free
> >     and Open Source Software Projects from being subject to the same
> >     liabilities as commercial products
>
> I find this part a bit ambiguous. When GitLab or Proxmox or RedHat sells
> services around a free software product, I think it's OK if they are
> covered by this regulation. Maybe it would be better with
> s/Projects/Organizations/?
>
> Maybe we should underline specific borderline situations where the
> impact of the regulation would be unclear?

I think the two paragraphs are clearer than that already when taken
together, especially the last bit which essentially boils down to "let
us continue to do what we are doing and go after vendors instead
kkthxbye", but what about this rewording:

The Debian project however notes that not enough emphasis has been
employed in all parts of these regulations to clearly exonerate Free
and Open Source Software developers and maintainers from being subject
to the same liabilities as commercial vendors, which has caused
uncertainty and worry among such stakeholders.

Therefore, the Debian project asks the legislators to enhance the
text of these regulations to clarify beyond any reasonable doubt that
Free and Open Source Software developers and contributors are not going
to be treated as commercial vendors in the exercise of their duties when
merely developing and publishing Free and Open Source Software, with
special emphasis on clarifying grey areas, such as donations,
contributions from commercial companies and developing Free and Open
Source Software that may be later commercialised by a
commercial vendor. It is fundamental for the interests of the
European Union itself that Free and Open Source Software development
can continue to thrive and produce high quality software components,
applications and operating systems, and this can only happen if Free
and Open Source Software developers and contributors can continue to
work on these projects as they have been doing before these new
regulations, without being encumbered by legal requirements that are
only appropriate for commercial companies and enterprises.

> >     , which has caused uncertainty and
> >     worry among Free and Open Source Software developers and stakeholders.
> >
> >     Therefore, the Debian project requests the legislators to enhance the
>
> (minor) s/requests/asks/? (can we request the legislators?)

Sure, I went back-and-forth a few times myself on that phrasing, switched back.

