On 18/08/2023 at 20:50, Jody Garnett via Discuss wrote:
Thanks for setting that up, can we add it to the website as an event or news item? That way it can be shared on social media and email lists.

The missing voice on this discussion (and osgeo in general) is the small and medium business owners.

A whole bunch of the concern is the impact on small and medium business owners. We have not yet heard from our service providers and sponsors on this subject.

I count as a small business owner, actually a one-man company, and service provider and I'm indeed really concerned by the CRA.

Seeing obligations of reporting security events within a 24h delay makes me believe that I will have no right for any vacations... The whole text seems to have been written with quite large software companies in mind with sufficiently big teams so they can organize on-call teams.

It is also completely inadequate to make a service provider responsible for the whole codebase: if I charge a customer for an enhancement in a part of the software, is it legitimate to make me bear what happens in other places of the code base I may possibly not have written? The text possibly doesn't imply this (but then it becomes fun to determine who is responsible to respond to a given security event), but such scenarios specific to the open source decentralized model are not detailed, so we are in the legal uncertainty domain...

Also the obligations linked to the lifetime of a version are written with companies that have regular income from licensing fees and can actually take a part of them to organize security monitoring and response. Service providers don't necessarily have recurring income sources linked to a software, given that they charge for the labor (one time event) but not usage (long-term event). What happens if I'm no longer involved with a software: am I still liable for what I wrote in the past, and people still use for free, but I should still bear the costs while no longer getting any related revenue?


My software is free, but my time generally not.
