[OSGeo-Discuss] Cyber Resilience Act staying informed on updates
Jody Garnett
jody.garnett at gmail.com
Sun Dec 17 10:50:43 PST 2023
Even,
I think we will need to let this rest for a bit. As I understand it each
bullet point on this topic has been shared; and they wrote some
clarifications elsewhere about what they intended.
I now saw a photo online and those two quotes are actually all there is to
work with.
> the provision of free and open-source software products with digital
elements that are not monetised by their manufacturers is not considered a
commercial activity
The first bullet point appears to acknowledge that going after
organizations like osgeo with no income is not going to be effective.
However it opens the door to abuse, using open source to disrupt -
commoditize a market that supports a competitor for example.
> The mere circumstances under which the product has been developed, or how
the development has been financed should therefore not be taken into
account when determining the commercial or non-commercial nature of
This seems to be a response to the tension between closed source being
developed in private and open source being developed in public. Think
focusing on releases rather than a public repository or release candidates.
--
Jody Garnett
On Wed, Dec 6, 2023 at 9:49 AM Even Rouault <even.rouault at spatialys.com>
wrote:
> Hi Jody,
>
> thanks for the update.
>
> The clarification of point 3 is still fuzzy to me. What do they actually
> mean by "monetised by manufacturers". Is monetizing only when the software
> is open source but people have to pay to use it on SaaS or similar models ?
> Otherwise if it is about money being involved in the making of the open
> source software, then that contradicts the second point that how the
> development was financed shouldn't be taken into account to determine
> commercial activity... Is consulting about open source software
> "monetizing" it ... ?
>
> Even
> Le 06/12/2023 à 16:09, Jody Garnett via Discuss a écrit :
>
> Follow up to November discussion and blog post
> <https://www.osgeo.org/foundation-news/eu-cyber-resilience-act/> asking
> OSGeo community to be informed.
>
>
> 1. At the end November Europe lawmakers agreed on something:
> https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/
>
>
> Free and open source was so far down the priority list that the press
> release does not even mention it.
>
>
>
> 1. Next there were assurances that free and open-source community
> concerns were addressed:
> https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security
>
>
> The quote did indicate how our concerns were addressed:
>
> > We have ensured support for micro and small enterprises and better
> involvement of stakeholders, and addressed the concerns of the open-source
> community, while keeping an ambitious European dimension.
>
>
>
> 1. This week I can find a articles providing clarifications that have
> been added:
> https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/
>
>
> Two clarifications:
>
> > the provision of free and open-source software products with digital
> elements that are not monetised by their manufacturers is not considered a
> commercial activity
>
> > The mere circumstances under which the product has been developed,
> or how the development has been financed should therefore not be taken into
> account when determining the commercial or non-commercial nature of [making
> free and open-source software available on the market].
>
>
> —
> Jody
>
> _______________________________________________
> Discuss mailing listDiscuss at lists.osgeo.orghttps://lists.osgeo.org/mailman/listinfo/discuss
>
> -- http://www.spatialys.com
> My software is free, but my time generally not.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/discuss/attachments/20231217/5dba2c44/attachment.htm>
More information about the Discuss
mailing list