The EU Cyber Resilience Act will introduce new cybersecurity requirements for software released in the EU. Learn what it means for your open source projects and what GitHub is doing to ensure the law will be a net win for open source maintainers.
My understanding is that the company would be regulated by CRA and not the developer. However, that does not stop the company from pushing the developer for CRA compliance.
That’s actually pretty reasonable. I’d be happy to make my open source projects compliant for a company - but they can damn well pay me for the effort.
Wait? Are we pretending the corps are actually the FOSS devs?
A Corp dev, aka a FOSS dev forced into societal job creation servitude making throw away smartphone apps, web sites, and now AI models.
Gets paid to not be a productive person. Is essential what a societal job creation program is. Actually accomplishing anything is a random flaw and not the intent of employing devs.
The alternative would be to fund the dev to concentrate on maintenance efforts of their repos which the entire world depends on.
And if you don’t believe me, just explain one thing. What’s the pip-tools maintainer up to? Cuz it’s definitely not focused on pip-tools maintenance
Would definitely be interested to check in daily to watch what he’s doing. Can throw parties to watch some of the most influential and important people on the planet do the equivalent of digging ditches, refilling them, then doing it again.
I tried talking to them about the notion of breaking the monopoly of GIT & was talking about Fossil
They literally went don’t care “Git is good enough” they’re literally talentless monkeys
My understanding is that the company would be regulated by CRA and not the developer. However, that does not stop the company from pushing the developer for CRA compliance.
That’s actually pretty reasonable. I’d be happy to make my open source projects compliant for a company - but they can damn well pay me for the effort.
From a corps POV,
FOSS is free as in let 'em starve, not as in funding
Am i wrong?
Indeed, that’s why I use the AGPL license. Corporations hate it because it forces them to give back.
it's free as in go pound sand if you aren't going to fund maintainersit doesn’t force them to do anything until devs refuse to work for any company that doesn’t.
i’m with you on agplv3+. The copyright recognition document comes before the resume.
What do you think of FUTO’s “Source First” Licence ?
take it that nondisclosure agreement means you have nothing that needs copyright recognition
Wait? Are we pretending the corps are actually the FOSS devs?
A Corp dev, aka a FOSS dev forced into societal job creation servitude making throw away smartphone apps, web sites, and now AI models.
Gets paid to not be a productive person. Is essential what a societal job creation program is. Actually accomplishing anything is a random flaw and not the intent of employing devs.
The alternative would be to fund the dev to concentrate on maintenance efforts of their repos which the entire world depends on.
And if you don’t believe me, just explain one thing. What’s the pip-tools maintainer up to? Cuz it’s definitely not focused on pip-tools maintenance
Would definitely be interested to check in daily to watch what he’s doing. Can throw parties to watch some of the most influential and important people on the planet do the equivalent of digging ditches, refilling them, then doing it again.
I tried talking to them about the notion of breaking the monopoly of GIT & was talking about Fossil They literally went don’t care “Git is good enough” they’re literally talentless monkeys