Post Aw1HkRTwTK21klY4ZM by mainec@fromm.social
 (DIR) Post #Aw18AvFPQZgA3bjs4e by bagder@mastodon.social
       2025-07-11T07:44:17Z
       
       1 likes, 1 repeats
       
       It has officially begun. The CRA info request counter is no longer at zero.
       
 (DIR) Post #Aw18AwuZF2CDDY0Frk by bagder@mastodon.social
       2025-07-11T07:49:19Z
       
       1 likes, 0 repeats
       
       "We kindly request your response by Friday, July 25, 2025"...
       
 (DIR) Post #Aw18Ay9Ud1jH47zglk by shalien@mastodon.projetretro.io
       2025-07-11T07:50:55Z
       
       0 likes, 0 repeats
       
       @bagder Wait until they discover libcurl is used in almost everything x)
       
 (DIR) Post #Aw1EQURdRm4PHvGQgy by fubaroque@mastodon.social
       2025-07-11T08:42:32Z
       
       0 likes, 0 repeats
       
       @bagder Deadlines… I guess they will stop using curl if you don’t answer by that date. 🤣 🥳
       
 (DIR) Post #Aw1EQW0PdxU084XiXQ by bagder@mastodon.social
       2025-07-11T08:45:33Z
       
       1 likes, 0 repeats
       
       @fubaroque in this case I actually hope that they feel pressured to get "official" answers before that date as it might increase my chances of getting them to pay for my answers.
       
 (DIR) Post #Aw1HjcijCaYWJr4f2G by bagder@mastodon.social
       2025-07-11T08:55:15Z
       
       0 likes, 0 repeats
       
       Here are the nine questions they want answered within two weeks.
       
 (DIR) Post #Aw1Hjd1A63IjF1hNlg by lars@social.secret-wg.org
       2025-07-11T09:07:36Z
       
       0 likes, 0 repeats
       
       @bagder I assume this is not from the EU directly but from someone that integrates curl?
       
 (DIR) Post #Aw1HjdktM1sfWr5u2y by bagder@mastodon.social
       2025-07-11T09:08:53Z
       
       1 likes, 0 repeats
       
       @lars Yes, this comes straight from this company. They don't even say for what product or purpose they use curl.
       
 (DIR) Post #Aw1Hje08RM4eI8E4o4 by thatguyoverthere@shitposter.world
       2025-07-11T09:37:59.824430Z
       
       1 likes, 1 repeats
       
       @bagder @lars This is what you get for doing nice things. Are you actually expected to fill these out for everyone in the EU that requests it?
       
 (DIR) Post #Aw1HkRTwTK21klY4ZM by mainec@fromm.social
       2025-07-11T09:16:05Z
       
       1 likes, 0 repeats
       
       @bagder @lars and reading the questions they aren't doing any due diligence with their OSS dependencies otherwise they'd be able to answer these questions themselves...
       
 (DIR) Post #Aw1toIoiQV5IIPX6VU by bagder@mastodon.social
       2025-07-11T07:49:53Z
       
       1 likes, 0 repeats
       
       @KevinOfComputer Is Secure Software Development Lifecycle followed? Do you provide regular security updates? Do you have Long Term support? Is appropriate cybersecurity testing followed? etc
       
 (DIR) Post #Aw1tucP4W9UWmOY9xY by bagder@mastodon.social
       2025-07-11T07:51:31Z
       
       1 likes, 0 repeats
       
       I could add that this is a Fortune-500 company with 17 billion USD revenue and they don't have any contract with me nor have I ever communicated with them before.
       
 (DIR) Post #Aw2EnsMEtpe5GsqpoO by bagder@mastodon.social
       2025-07-11T08:18:16Z
       
       0 likes, 0 repeats
       
       Oops, I posted the reply paste in the wrong thread => https://mastodon.social/@bagder/114833547610796013
       
 (DIR) Post #Aw2EntcwBEb3CxfgTg by pro@mu.zaitcev.nu
       2025-07-11T20:39:52.131550Z
       
       0 likes, 0 repeats
       
       @bagder Is that a real contact address?
       
 (DIR) Post #Aw2IegdtUFEY9Cyzuy by 0xabad1dea@infosec.exchange
       2025-07-11T08:31:55Z
       
       1 likes, 0 repeats
       
       @bagder it is emotionally satisfying to see maintainers remind corporations that legal compliance in their own products and services is and always was their own responsibility and not that of Some Random Person In Nebraska
       
 (DIR) Post #Aw2OzTRWMCSl13UUAy by ignaloidas@not.acu.lt
       2025-07-11T22:34:03.112Z
       
       0 likes, 0 repeats
       
       @lanodan@queer.hacktivis.me @mirabilos@toot.mirbsd.org @Diziet@mastodon.me.uk @bagder@mastodon.social @simontatham@hachyderm.io Yeah, with more regulatory stuff coming on, there are way more reasons for companies to get some commercial support for FOSS stuff. I could certainly see a place for a company that's just a couple of developers whose whole business model is "hey, we'll give you guarantees and bugfixes for some FOSS libraries that the licenses disclaim for some monthly amount", especially if the guarantees are stuff like CRA. Though, I think it might be sensible to amend the standard "no warranties" text that's in most licenses with a "by using this work you take full responsibility for it" or something like that, to make it more clear that the author isn't in any way responsible for stuff like CRA if people use it.