Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 8 Oct 2023 23:47:34 +0200
From: Solar Designer <>
Subject: Re: European Union Cyber Resilience Act (CRA)

On Sun, Oct 08, 2023 at 01:56:15PM -0700, Jean Luc Picard wrote:
> These people are not developers live & govern a part of earth ripe with
> anti-communist/socialist sentiment.

Let's avoid non-essential references to political sentiments here.

> If you were to explain to them that
> their cellphones security is protected by things like 'community' &
> 'sharing', they'd likely blow a gasket.

Oh, they're well aware of that.  From the Apache Foundation blog post:

"The current definitions3 are such that the CRA applies to the ASF, all
of its (volunteer) developers, and all our output. And, as the ASF
understands from its meeting with policy makers, this was intentional."

"As the regulation of open source is intentional, and there is also a
lot of common sense, good (open source) practices, in the CRA: the
expectation is that we are past the point where asking for a blanket
exception is productive."

> It appears it's too late to bring
> in the real industry experts into the committee meetings but not too late
> to make a meaningful difference.  That said, the community at large needs
> to prepare for a lull in rights & freedoms.  Perhaps if it got to a point
> to where, like the cookie law, some vital repositories start geoip blocking
> in protest, things might move along.  One thing for sure, things are about
> to get weird.

I advise against premature protests by people who haven't even bothered
to read the available material on the topic.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.