[OSGeo-Discuss] EU Cyber Resilience Act - potential impacts on open geospatial software?

Jody Garnett jody.garnett at gmail.com
Tue Aug 8 15:02:24 PDT 2023


 Dear all,

A lot of very good thoughts on this thread (and online).

I have been thinking a bit more on this. As Luís highlights while there are
steps to take to be clear with our license the result would end up not
being useful / legal in Europe (which defeats OSGeo vision of empowering
everyone with free and open source geospatial goodness).

a) The CRA treating everything as a supplier arrangement is a problem. It
is disrespectful to be treated as a supplied rather than a respected
commons (or even labour.)

If we borrow a tool from labour - what would adopting a work-to-rule
practice for Europe?

   - Delay downloads by two weeks (simulation of anticipated certification
   overhead)
   - Release source code to Europe but not the digital downloads (respect
   Free and Open Source license and provide a taste of VPN future)


Aside: I use the word disrespectful to help indicated the violation of the
social norms asserted with our community. We should be offended that after
creating so much value for Europe regulation is being setup to require more
from our community.

b) The proposed CRA certification SME to declare technology used. This
technically sets up a "dependency list" showing the open-source used by
each organization.

Could this be used in a Robbin Hood manner to direct funding where needed:

   - Use such insight to support projects that are underfunded for their
   level of importance to European Economy
   - Use tax dollars, or certification fees from industry, to scale funding
   to match use of free and open source technologies


Aside: This is what I mean about seeking economic solutions for the root
cause (underfunded open-source projects used in critical or economically
important systems).

--
Jody Garnett


On Aug 3, 2023 at 12:43:59 AM, Luí­s Moreira de Sousa via Discuss <
discuss at lists.osgeo.org> wrote:

> Dear all,
>
> hours ago, Wordpress, Joomla, Drupal and TYPO3 published an open letter on
> the CRA painting a scenario similar to the worst case I put forth here last
> week. Not only are FOSS projects threatened, thousands of European SMEs
> will either perish or move on to wholesale commercial software in the wake
> of this legislation. Essentially, we are speaking of the companies that
> contribute to fund OSGeo and sponsor the FOSS4G.
>
>
> https://wordpress.org/news/files/2023/08/Open_Letter_on_the_Significance_of_Free_and_Open_Source_Software_in_the_EU_s_Proposed_Cyber_Resilience_Act.pdf
>
> I am becoming increasingly concerned by this. I would exhort every charter
> member in Europe to get thoroughly informed and seek advice from trade
> guilds or unions and enterprise associations or federations.
>
> Regards,
>
> Luís
> _______________________________________________
> Discuss mailing list
> Discuss at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/discuss/attachments/20230808/f9d88b4c/attachment.htm>


More information about the Discuss mailing list