Is there concern about what the EU CRA could mean for FreeBSD regarding open source software being used in FreeBSD, and how that may impact commercial companies such as Netflix that use FreeBSD downstream and contribute back to upstream?
Debian has released a public statement on the CRA
The Linux Foundation Europe has released a statement on the CRA voicing their concerns
The EFF has voiced concerns about open source software due to the CRA
The big unknown seems to be, "What if Stanley J Developer creates an open source piece of software that some entity, such as FreeBSD, then embeds in their software and then it becomes responsible for a hacking incident." Who is held accountable? FreeBSD? Stanley J Developer?
Ostensibly it sounds like Stanley J Developer is not supposed to be held liable if there wasn't any commercial aspect. That being it was pure open source; but if it was open source and also has a paid version then does it have to abide by the CRA? Probably. The other question unknown is that of accepting donations and does it make them commercial and have to follow the CRA? Take Zig. They accept donations. What if a company uses Zig and a vulnerability leads to compromise; can the company go after Zig for damages since it was accepting donations?
I was using an open source application and the website was suddenly inaccessible, so I emailed the developer/creator asking about it. He replied that the EU CRA and potential looming laws in the U.S. have caused him to make it private. He replied that the odds of him being held liable are minimal, but not zero, so to protect himself, for the time being, development is personal.