Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"



Hi,

On 11/15/23 20:27, Aigars Mahinovs wrote:

    That is exactly why I think this is dangerous: I want GitLab and
    Proxmox to be responsible for what they release, but it is very
    difficult to draw a line between their offering and what Microsoft
    is doing by paying for systemd development while they are also
    selling Azure cloud.

Why should there be a borderline between that? Microsoft has to be responsible for what they are selling in the Azure cloud (pre-defined images), regardless of the systemd developer work.

Yes, but in the other direction we don't want them to be responsible for systemd, because that is still meant to remain a community project even though the lead developers are employees.

I am not convinced the "mere employment does not immediately cause responsibility" is enough of a shield here. It would be, if there wasn't another division of Microsoft that bundled this software and sold services for it, and was therefore required to provide warranties under this regulation to their customers.

Transferring that situation back onto GitLab (because we need one set of regulations that fits all), that would mean that the company was only required to provide security fixes to their paying customers and could leave the "community edition" unpatched.

That would also be a consistent position: "as long as the source code is public under a DFSG-compliant license, the open source exemption should apply even to works produced for commercial gain."

However, I do not think the EU wants an exemption this broad, which is why I see a risk that this threatens the model that systemd is currently developed under.

From my personal perspective on systemd, I don't care much, but with my Debian hat on I think that would be pretty disruptive.

   Simon