[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"

You are mixing up completely unrelated things. Commercial entities and software coming from it have nothing to do with commercial activity.

The commercial activity is what *you* are doing with the software. It is completely irrelevant where you got it from or if you wrote it.

If you are doing commercial activity and are getting QT as a commercial product from a commercial entity, then it is *easier* for 
you - you can simply delegate the security responsibilities of that part of your software stack up to the QT commercial entity 
and you just need to take care of the rest of the stack, which you are *selling* to your customers (commercial activity!).

Whether accepting donations *in general* makes your activity in providing software a "commercial activity" in the context of
this directive proposal is not really a supported notion in the text. There are a few specific examples of what does make
a "commercial activity" in point 10, but none of those examples directly apply to general donations to a project or person.

On Mon, 13 Nov 2023 at 15:20, Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com> wrote:
On Mon, 13 Nov 2023 at 09:54, Aigars Mahinovs <aigarius@gmail.com> wrote:
>
> On Mon, 13 Nov 2023 at 13:29, Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com> wrote:
>>
>> On Mon, 13 Nov 2023 at 07:55, Aigars Mahinovs <aigarius@gmail.com> wrote:
>> [snip]
>> > Even regardless of the specific legal wording in the legislation itself, the point 10
>> > of the preamble would be enough to to fix any "bug" in the legislation in
>> > post-processing via courts. As in - if any interpretation of the wording of the
>> > directive is indeed found to be hampering open source development,
>> > then it is clearly in error and contrary to the stated intent of the legislation.
>>
>> According to the current wording if, for some reason, I am held to be
>> responsible for $whatever, then I should go to court. Me, who lives in
>> south america (because yes, they are looking for culprits no matter
>> where they live). They already won.
>>
>> So, why not try and get the wording correctly from starters?
>
>
> IANAL, but to me the wording seems correct. As long as you are not explicitly conducting commercial activity in
> direct relation to this product to a customer in the EU, none of this applies to you.
>
> If you *are* engaged in commercial activity with customers in the EU, then the EU wants to protect its people and
> also keep up the general hygiene of the computing environment in the EU to a certain level.

That's where I see things differently. With the current wording
someone could say: Debian receives donations and thus is a commercial
entity (look at the text!) Then if Qt comes from a commercial entity
and Debian is a commercial entity then anyone using Qt trough Debian
is doing a commercial activity.

Call me nuts, but that's the way I read it, at least for the moment.

--
Lisandro Damián Nicanor Pérez Meyer
https://perezmeyer.com.ar/


--
Best regards,
    Aigars Mahinovs
Reply to: