fsebugoutzone.org:9999

       Post AV0p91XmASEnucshcm by maarten@techpolicy.social
 (DIR) More posts by maarten@techpolicy.social
 (DIR) Post #AV0p8xuJghtKdNOeCe by maarten@techpolicy.social
       2023-04-25T10:57:57Z
       
       0 likes, 1 repeats
       
       RIPE NCC spoke up on the #CRA&#39;s implications for #OpenSource in a letter to ITRE MEPs last week, after consulting the RIPE community.Short thread with quotes from the letter.https://www.ripe.net/participate/internet-governance/multi-stakeholder-engagement/ripe-ncc-letter-to-itre-on-cra.pdf#CyberResilienceAct
       
 (DIR) Post #AV0p8zFcgyWqnkNB3I by maarten@techpolicy.social
       2023-04-25T10:58:33Z
       
       0 likes, 0 repeats
       
       &quot;The RIPE NCC would like to use this opportunity to reiterate the RIPE community’s concerns regarding the limited exemption, formulated in Recital 10 of the CRA, for the development and making available of open-source software. We do so in our role as secretariat for RIPE, which is an open, inclusive community that welcomes the participation of anyone with an interest in IP- based networking.&quot;
       
 (DIR) Post #AV0p90PwM6NMQ2Cvlw by maarten@techpolicy.social
       2023-04-25T10:59:23Z
       
       0 likes, 0 repeats
       
       Quoting @webmink:&quot;As open source veteran and expert Simon Phipps has said, ‘Open source is an artefact arising from the interactions of a community of contributors with no contractual binding between them beyond the open source licence itself, which disclaims all warranties and has no conduit for funds’.&quot;
       
 (DIR) Post #AV0p91XmASEnucshcm by maarten@techpolicy.social
       2023-04-25T11:00:28Z
       
       0 likes, 0 repeats
       
       &quot;For the CRA to reach the goal of reducing product vulnerability, it also needs to reduce vulnerability in open-source software — an aim the RIPE NCC strongly supports.The lack of clarity surrounding the notion of “commercial activity” referred to in Recital 10 however, is what creates uncertainty for, and risks placing undue regulatory burden on, those from the community who contribute to open-source software and its security without the intent of making a profit as a result of its later use.&quot;
       
 (DIR) Post #AV0p92XoRnrT11uFJw by maarten@techpolicy.social
       2023-04-25T11:00:59Z
       
       0 likes, 1 repeats
       
       &quot;The Blue Guide does not give sufficient clarity as to when open-source software is considered to be developed or supplied in the course of a commercial activity. We therefore urge ITRE / IMCO to provide a clearer definition of what constitutes open-source software that is not within the scope of the proposed CRA.&quot;