
On 23.11.23 03:16, Bart Martens wrote:


Debian Public Statement about the EU Cyber Resilience Act (CRA) and the
Product Liability Directive (PLD)

The CRA includes requirements for manufacturers of software, followed
up by the PLD with compulsory liability for software. The Debian
project has concerns on the impact on Free and Open-Source Software

The CRA makes the use of FOSS in a commercial context more difficult.
This goes against the philosophy of the Debian project. The Debian Free
Software Guidelines (DFSG) include "6. No Discrimination Against Fields
of Endeavor - The license must not restrict anyone from making use of
the program in a specific field of endeavor." A significant part of the
success of FOSS is its use in a commercial context. It should remain
possible for anyone to produce, publish and use FOSS, without making it
harder for commercial entities or for any group of FOSS users.

The compulsory liability as meant in the PLD overrules the usual
liability disclaimers in FOSS licenses. This makes sharing FOSS with
the public more legally risky. The compulsory liability makes sense for
closed-source software, where the users fully depend on the
manufacturers. With FOSS the users have the option of helping
themselves with the source code, and/or hiring any consultant on the
market. The usual liability disclaimers in FOSS licenses should remain
valid without the risk of being overruled by the PLD.

The Debian project asks the EU to not draw a line between commercial
and non-commercial use of FOSS. Such a line should instead be between
closed-source software and FOSS. FOSS should be entirely exempt from
the CRA and the PLD.



