this post was submitted on 11 Dec 2024
94 points (97.0% liked)

Open Source

31751 readers
143 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Mora@pawb.social 14 points 2 weeks ago (1 children)

First: IANAL, EU law is complicated. This is my understanding as of now:

TL;DR: The EU Cyber Resilience Act (CRA) aims to enhance cybersecurity standards for products with digital elements. It introduces mandatory requirements for manufacturers and retailers to ensure cybersecurity throughout a product's lifecycle. The CRA excludes open-source software developers unless their software is used commercially as part of a "product with digital elements".

would lemmy be regulated by CRA?

Lemmy, as an open-source project, would likely not be directly regulated by the CRA. The Act specifically excludes open-source developers from its scope unless their software is used commercially.

Whaz about lemmy instances?

Lemmy instances might be regulated by the CRA if they are operated commercially as part of a "product with digital Elements". (Is there a pay for access instance or hosting as a service for lemmy? I am not aware of one.) However, since most instances are run non-commercially or for personal use, they would likely fall outside the CRA's scope.

Is there a difference if there is a fee or a recurrent donations?

Yes:

  • A fee is typically a mandatory payment for a service or product, e.g. a feature locked behind a paywall.
  • A recurring donation is a voluntary, regular contribution to support an organization or cause, often without receiving goods or services in return.

The key distinction lies in the obligation attached to the payment. Fees come with an expectation of receiving something in return, while donations are given freely without such expectations.

[–] vrighter@discuss.tchncs.de 8 points 2 weeks ago (2 children)

so, if a company decides to, for example, start using some MIT licensed software, does that suddenly materialize extra responsibilities for that software's dev?

[–] souperk@reddthat.com 9 points 2 weeks ago (2 children)

My understanding is that the company would be regulated by CRA and not the developer. However, that does not stop the company from pushing the developer for CRA compliance.

[–] Rogue 7 points 2 weeks ago (1 children)

That's actually pretty reasonable. I'd be happy to make my open source projects compliant for a company - but they can damn well pay me for the effort.

[–] logging_strict@lemmy.ml 2 points 2 weeks ago (2 children)

From a corps POV,

FOSS is free as in let 'em starve, not as in funding

Am i wrong?

[–] Rogue 2 points 2 weeks ago (2 children)

Indeed, that's why I use the AGPL license. Corporations hate it because it forces them to give back.

[–] logging_strict@lemmy.ml 2 points 2 weeks ago (1 children)

it's free as in go pound sand if you aren't going to fund maintainers

it doesn't force them to do anything until devs refuse to work for any company that doesn't.

i'm with you on agplv3+. The copyright recognition document comes before the resume.

[–] MITM0@lemmy.world 2 points 2 weeks ago (1 children)

What do you think of FUTO's "Source First" Licence ?

[–] logging_strict@lemmy.ml 2 points 1 week ago (1 children)

Can you post a link.

Not familar with it, but will read it if you point me in the right direction

[–] MITM0@lemmy.world 1 points 1 week ago (1 children)
[–] logging_strict@lemmy.ml 1 points 1 week ago (1 children)

I read all 3.

The critic has been tricked. He is naive nice person. And therein lies the rub. He is dwelling on rebutalling the bullshit not realizing it's purpose is to distract away from real issues.

He's argued twice based on nostalgia rather than on legal merits.

People may have legitimate reasons to want different terms in an open source license. The critic rejects this.

If the critic has nothing to add to the conversation, he should go pound sand. The adults are capable of ripping systems apart and understand how to pieces fit back together and can customizing them without deviating from FOSS and OSD philosophy.

Go with aGPLv3. FUTOs nonsense nonpoints don't help in the least.

Real issues like pay only in Monero to the maintainer without any KYC. Not in encumbered methods requiring our time and risk of not being able to receive the funds. No NPOs. No middlemen that take cut.

Devs needs to unionize or form gangs. Society is currently telling us to get a job rather than maintain the packages world+dog relies upon. That's malicious, suicidal, has real consequences, and thus should be our #1 political issue. And we have to change society's focus by causing a rukcus, not submitting more resumes to create more web sites and smartphone apps or cloud services. Which is just purposefully pushing us towards a job creation program rather than a means to maintain world+dog's tech base.

There should be a systematic way for companies to pay towards those maintaining their tech stack. Lacking this, the companies can just say they are confused on how to go about paying devs. I can see their POV. That infrastructure needs to exist.

None of these points, violate open source philosophy one bit.

None of these points require yet another license. It's more about what direction tech community has to take moving forward.

[–] logging_strict@lemmy.ml 1 points 2 weeks ago* (last edited 2 weeks ago)

take it that nondisclosure agreement means you have nothing that needs copyright recognition

[–] phase@lemmy.8th.world 2 points 1 week ago

Well, if I understand things correctly, it may address a part of this issue indirectly: corps are responsible of what they use. If a part is open source they also have the opportunity to fix the problem themselves.

Looks very nice to me.

[–] logging_strict@lemmy.ml 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Wait? Are we pretending the corps are actually the FOSS devs?

A Corp dev, aka a FOSS dev forced into societal job creation servitude making throw away smartphone apps, web sites, and now AI models.

Gets paid to not be a productive person. Is essential what a societal job creation program is. Actually accomplishing anything is a random flaw and not the intent of employing devs.

The alternative would be to fund the dev to concentrate on maintenance efforts of their repos which the entire world depends on.

And if you don't believe me, just explain one thing. What's the pip-tools maintainer up to? Cuz it's definitely not focused on pip-tools maintenance

Would definitely be interested to check in daily to watch what he's doing. Can throw parties to watch some of the most influential and important people on the planet do the equivalent of digging ditches, refilling them, then doing it again.

[–] MITM0@lemmy.world 1 points 2 weeks ago (1 children)

I tried talking to them about the notion of breaking the monopoly of GIT & was talking about Fossil They literally went don't care "Git is good enough" they're literally talentless monkeys

[–] logging_strict@lemmy.ml 2 points 1 week ago (1 children)

There is efforts to make the issues and PRs forkable as well. There is some folks jumping ship. Haven't researched the new platforms like codeberg

Codeberg is based in Germany hmmm

gitea docs

[–] MITM0@lemmy.world 2 points 1 week ago* (last edited 1 week ago) (1 children)

I wasn't talking about Github, I was talking about GIT itself; Look at these Three:

  1. Fossil
  2. Pijul
  3. Darcs

The last 2 are Patch-Based & 2 is basically a modernized-version of 3, eventhough 3 is still being maintained to this day & 1 is a fully-fledged Github-in-a-box

Oh boy I can't wait for the negative comments about it's obviois flaws, so let's hear it

[–] logging_strict@lemmy.ml 1 points 1 week ago (1 children)

Have read thru the Fossil web site. Fossil and git are nothing alike. Fossil is not Github in a box. That's misleading.

It's ok to place the key/value pairs merkle tree into an sqllite database AND NOT change the philosophy away from what we are used to with git.

Fossil makes me more sold on git. I want the PRs, i want to be able to rebase. I want to be able to fork projects away from it's parent.

Fossil needs to rewrite if it wants to attract git users. My main thing is portability of PRs and Issues. So when fork a project, the PRs and Issues are also forked. When the original author disappears would be nice to not have to rename the repo, while losing the PRs and Issues.

[–] MITM0@lemmy.world 2 points 1 week ago

But it doesn't appeal to GIT users, Git favours a Bazaar style development

[–] logging_strict@lemmy.ml -2 points 2 weeks ago

No. The FOSS dev would turn around and tell the entire world to go pound sand

The devs are under no obligations to do squat. Which includes responding to any EU requests.

If anyone has a problem with a FOSS project, they are welcome to fork the repo and maintain it themselves. And then send love letters back and forth to the EU.

If anyone is sent a request by the EU, i'm here to help. Some ideas to include in a response.

Shouldn't EU be focusing on Ukraine and throwing their males into a meat grinder?

EU does not have free speech. Why take them seriously? Why have any expectations of them?