"This blog concludes a 17-month journey to understand the #EU's attempt to regulate software with the #CRA. I engaged in this policy process in an effort to minimise damage to the practice of free and #opensource software development.
"#FOSS policy engagement: a #CyberResilienceAct retrospective" features my struggle to understand how Brussels works, roughly on a chronological timeline."
#cyberresilienceact Regulation does not cover non-commercial projects. Regarding conformity assessment: For #foss self-assessment possible unless critical products (only hardware), open-source software is excluded. #fosdem2024
#cyberresilienceact is nearly finished. Much more open-source elements in the final version. Closed several holes of the law. CE mark will also cover security mechanisms in near future. #fosdem #fosdem2024
Come experiment with us at #FOSDEM: we’re bringing policy makers and developers together in an EU policy devroom to discuss impending legislation with relevance to #foss. There are four two-hour blocks you can attend, on Sunday Feb 4th.
Great article at #Heise: "#Linux: Kernel developers push through free graphics drivers
Even heavyweights of the graphics chip industry have given in and now offer open-source #Kernel drivers. That gives users room to manoeuvre."
@fj I love Debian to bits. But its statement on the #CyberResilienceAct is based on old text. I suppose that's inherent in commenting on a draft that is evolving behind closed doors. But now the actual text is public, a number of worries in the Debian statement are no longer an accurate reflection of reality.
@maarten @bert_hubert @fj People (Debian Developers) voted on different number of texts on ballot. This is a text that should have come from DPL (with paid lawyers on contract) and not from bunch of people who don’t have time to properly study the context.
I opened the ballot and closed it because how the hell I should know which is the proper one? This is not something you can vote with gut feeling.
This doesn't mean we won't have a major step in security requirements coming from users and devs, raising their expectations.
In #QGIS project, we already see a lot more messages to forward vulnerabilities.
I am still unsure if open source with open core model will be concerned though.
The #EU has been making a lot of bad decisions recently (#eIDAS, #ChatControl, #CyberResilienceAct and others...) in particular when it comes to the open source community.
I've been working in the institutions for two years and am considering launching a wiki to explain how to better influence EU decision making, would this interest anyone?
EDIT: I somehow managed to make the poll 5 minutes, sorry!