
Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"



On Wed, 22 Nov 2023 at 20:35, Bart Martens <bartm@debian.org> wrote:
>
> On Wed, Nov 22, 2023 at 06:46:06PM +0000, Luca Boccassi wrote:
> > On Wed, 22 Nov 2023 at 09:28, Bart Martens <bartm@debian.org> wrote:
> > >
> > > On Tue, Nov 21, 2023 at 09:14:05AM +0100, Thomas Goirand wrote:
> > > > I feel like we're getting trapped by big corp and their lobbying
> > > > power, and we need to use stronger words.
> > >
> > > Probably in a different way. I'd rather prefer Debian to defend the DFSG,
> > > including DFSG 6. If the EU were to draw a line for compulsory liability, then
> > > it should not be between commercial and nonprofit, but rather between FOSS and
> > > non-FOSS. For example, in my opinion "awscli" is FOSS, and the usual liability
> > > disclaimer in FOSS licenses should also be valid for "awscli". This is, in my
> > > understanding, a different opinion than discussed so far, right?
> >
> > That would not be a good outcome. Just because a smartphone ships open
> > source software, it doesn't mean its vendor should get away with not
> > providing security updates after a few months, causing the phone
> > owners to lose their data or worse.
>
> That is a different case. The user of a smartphone depends on the vendor for
> keeping the smartphone safe for use during a reasonable time after purchase.
> I follow you on that.

It's not really different: if you can get out of security maintenance
of some software just because of its license, then it affects any
product using software. That would be quite an obvious loophole to
take advantage of, and that's probably why the distinction in these
regulations is never on the license, but on whether it's a commercial
activity or not.

