Hello,

I hereby welcome seconds for adding this text to 2023/vote_002 as a separate proposal.

START OF PROPOSAL TEXT

Debian Public Statement about the EU Cyber Resilience Act (CRA) and the Product Liability Directive (PLD)

The CRA includes requirements for manufacturers of software, followed up by the PLD with compulsory liability for software. The Debian project has concerns on the impact on Free and Open-Source Software (FOSS).

The CRA makes the use of FOSS in commercial context more difficult. This goes against the philosophy of the Debian project. The Debian Free Software Guidelines (DFSG) include "6. No Discrimination Against Fields of Endeavor - The license must not restrict anyone from making use of the program in a specific field of endeavor." A significant part of the success of FOSS is its use in commercial context. It should remain possible for anyone to produce, publish and use FOSS, without making it harder for commercial entities or for any group of FOSS users.

The compulsory liability as meant in the PLD overrules the usual liability disclaimers in FOSS licenses. This makes sharing FOSS with the public more legally risky. The compulsory liability makes sense for closed-source software, where the users fully depend on the manufacturers. With FOSS the users have the option of helping themselves with the source code, and/or hiring any consultant on the market. The usual liability disclaimers in FOSS licenses should remain valid without the risk of being overruled by the PLD.

The Debian project asks the EU to not draw a line between commercial and non-commercial use of FOSS. Such line should instead be between closed-source software and FOSS. FOSS should be entirely exempt from the CRA and the PLD.

END OF PROPOSAL TEXT