On Sat, 22 Apr 2023, Kamil Gałuszka wrote:

Cześć,

Ostatnio wpadły mi te dwa teksty uwadze: https://pyfound.blogspot.com/2023/04/the-eus-proposed-cra-law-may-have.html https://newsroom.eclipse.org/news/announcements/open-letter-european-commiss...

Nie tylko "polska" (choć akurat połowa biura w Brukseli jest z Polski) - zacytuję kawałek lutowego raportu przedstawicielstwa Wikimediów przy EU. W ostatnim podlinkowanym Google Docs są komentarze i można coś napisać.

Kontakt z Dimim i Anną:

https://meta.wikimedia.org/wiki/EU_policy/Team

Całość tekstu: https://lists.wikimedia.org/hyperkitty/list/publicpolicy@lists.wikimedia.org...

Fragment dot. CRA:

=== Cyber Resilience Act ===

The Cyber Resilience Act is a proposed regulation by the European Commission aiming to introduce baseline cybersecurity requirements for digital products and services. It includes such obligations as security tests and security updates for up to five years after a product or even a piece of software. [4] —

The European Commission is proposing a carve-out for free & open source software, which we welcome. However, the carve-out is only in a recital (which is the “non-active” part of a EU law), instead in a proper article. It also restricts the protection to “software developed or supplied outside the course of a commercial activity”, which most programmers and lawyers we spoke to believe is a very problematic wording. Many FOSS software projects are usually developed and maintained by a mix of volunteers, contractors, businesses or even incidental contributors participating in bug bounty hunts.

—

Wikimedia is working on addressing the above mentioned weaknesses and trying to coordinate with organisations such a the Free Software Foundation Europe and Open Forum Europe on this. Our current thinking and suggestions can be seen here: [5]

[4] https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act

[5] https://docs.google.com/document/d/1GSO-WpA86vklStTIXpSJrqvppqQTyUfn90Q55EYq...