this post was submitted on 15 Aug 2023
98 points (92.2% liked)
Open Source
31236 readers
259 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is what Claude2 (with 100K context window) has to say about your comment, after I supplied him with the entire proposal of the regulation: Based on my understanding of the Cyber Resilience Act, I don't think that assessment is entirely accurate. The key factor is whether the open source software is placed on the market in the course of commercial activity, not the employment status of individual contributors.
The regulation explicitly excludes open source software developed or supplied outside of commercial activity. As I mentioned before, this means pure community-driven projects where the software is freely shared and open should not fall under the requirements.
It does not matter if some contributors are corporate employees, as long as they contribute to a non-commercial community project in their personal capacity. For example, if a developer who works for Company X contributes code to Project Y in their free time, that alone would not make Project Y commercial.
The regulation would likely apply if a company systematically develops open source software as part of their business model. But just having corporate contributors among many community members would not automatically trigger the rules.
Overall, I think the regulation aims to avoid putting burdens on pure community open source projects, as long as the software is not placed on the market commercially. But the details of implementation will be important to watch to ensure a proper balance is struck.