Re: [OSGeo-Discuss] [Board] EU Cyber Resilience Act - potential impacts on open geospatial software?
> > Indeed this is just one way to respond, That's a major issue. Members of steering committees are unpaid > volunteers. They are more or less active. With our current organization, > they are not in a capacity to face regulation requirements. Basically > that would mean that projects should have salaried members, at least > part-time, to do that. Good idea. Or rotate through PSC members with a small contract to monitor communication - say three months at a stretch. So we would be expecting some kind of sustaining sponsorship from business such as yours. In trade you get vacations :) By pooling resources we cover for each other. And by acting I behalf of OSGeo we are not indirect line of fire as individuals. Advocacy rant mode on Pretty much the whole reason to setup a software foundation folks. I love that OSGeo allows us to set up one software foundation (rather than each project having to do this work themselves. OSGeo has a *extremely* low “bronze” sponsorship threshold of $500 USD (which goes down to $375 for reciting sponsors). I have a non active company how2map which has been sponsoring at this level for some years. So I am doing my best to put my money (and volunteer capacity) where my speech is. Advocacy rant mode off. I am going to go back to being quiet. Thank you for your response Even. Jody > > -- > http://www.spatialys.com > My software is free, but my time generally not. > > -- -- Jody Garnett ___ Discuss mailing list Discuss@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/discuss
Re: [OSGeo-Discuss] [Board] EU Cyber Resilience Act - potential impacts on open geospatial software?
However you do not have to be the distributor - Wondering if I'd be a "manufacturer" instead ? There are many obligations for the manufacturer in the CRA... "manufacturer’ means any natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under his or her name or trademark, whether for payment or free of charge;" So because of the end precision, "markets them under his or name or trademark", maybe not me, but the project / OSGeo itself. the customer self-serves from the open-source distribution. In this case the project - specifically the steering committee (acting on behalf of osgeo) are on the hook for a lot of these reg requirements. That's a major issue. Members of steering committees are unpaid volunteers. They are more or less active. With our current organization, they are not in a capacity to face regulation requirements. Basically that would mean that projects should have salaried members, at least part-time, to do that. -- http://www.spatialys.com My software is free, but my time generally not. ___ Discuss mailing list Discuss@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/discuss
Re: [OSGeo-Discuss] [Board] EU Cyber Resilience Act - potential impacts on open geospatial software?
Even: Thank you very much for responding - I want to make the case that you are not alone (and will get vacations). Even with regulations … If you are charging for an enhancement - it is development work one and done. It is probably in your contract to meet the requirements (docs and QA) to get the change into the open source codebase. If you wish to offer (or if the customer requires) support for a period of time they can negotiate that with you. However you do not have to be the distributor - the customer self-serves from the open-source distribution. In this case the project - specifically the steering committee (acting on behalf of osgeo) are on the hook for a lot of these reg requirements. This could be good for osgeo (for this specific case) in terms of encouraging code contributions (rather than forks and customizations). OSGeo as a software foundation should be able to shelter small and medium business (perhaps negotiating some participation to make the story work). Jody On Fri, Aug 18, 2023 at 12:09 PM Even Rouault via Discuss < discuss@lists.osgeo.org> wrote: > > Le 18/08/2023 à 20:50, Jody Garnett via Discuss a écrit : > > Thanks for setting that up, can we add it to the website ad an event > > or news item? That way it can be shared on social media and email lists. > > > > The missing voice on this discussion (and osgeo in general) is the > > small and medium business owners. > > > > A whole bunch of the concern is the impact on small and medium > > business owners. We have not yet heard from our service providers and > > sponsors on this subject. > > I count as a small business owner, actually a one man company, and > service provider and I'm indeed really concerned by the CRA. > > Seeing obligations of reporting security events within a 24h delay makes > me believe that I will have no right for any vacations The whole > text seems to have being written with quite large software companies in > mind with sufficiently big teams so they can organize on-call teams. > > It is also completely inadequate to make a service provider responsible > for the whole codebase: if I charge a customer for an enhancement in a > part of the software, is it legitimate to make bear what happens in > other places of the code base I may possibly not have written ? The text > possibly doesn't imply this (but then it becomes fun to determine who is > responsible to respond to a given security event), but such scenarios > specific to open source decentralized model are not detailed, so we are > in the legal uncertainty domain... > > Also the obligations linked to the lifetime of a version are written > with companies that have regular income from licensing fees and can > actually take a part of them to organize security monitoring and > response. Service providers don't necessarily have recurring income > sources linked to a software, given that they charge for the labor (one > time event) but not usage (long-term event). What happens if I'm no > longer involved with a software: am I still liable for what I wrote in > the past, and people still use for free, but I should still bear the > costs while no longer getting any related revenue ? > > Even > > -- > http://www.spatialys.com > My software is free, but my time generally not. > > ___ > Discuss mailing list > Discuss@lists.osgeo.org > https://lists.osgeo.org/mailman/listinfo/discuss > -- -- Jody Garnett ___ Discuss mailing list Discuss@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/discuss
Re: [OSGeo-Discuss] [Board] EU Cyber Resilience Act - potential impacts on open geospatial software?
Le 18/08/2023 à 20:50, Jody Garnett via Discuss a écrit : Thanks for setting that up, can we add it to the website ad an event or news item? That way it can be shared on social media and email lists. The missing voice on this discussion (and osgeo in general) is the small and medium business owners. A whole bunch of the concern is the impact on small and medium business owners. We have not yet heard from our service providers and sponsors on this subject. I count as a small business owner, actually a one man company, and service provider and I'm indeed really concerned by the CRA. Seeing obligations of reporting security events within a 24h delay makes me believe that I will have no right for any vacations The whole text seems to have being written with quite large software companies in mind with sufficiently big teams so they can organize on-call teams. It is also completely inadequate to make a service provider responsible for the whole codebase: if I charge a customer for an enhancement in a part of the software, is it legitimate to make bear what happens in other places of the code base I may possibly not have written ? The text possibly doesn't imply this (but then it becomes fun to determine who is responsible to respond to a given security event), but such scenarios specific to open source decentralized model are not detailed, so we are in the legal uncertainty domain... Also the obligations linked to the lifetime of a version are written with companies that have regular income from licensing fees and can actually take a part of them to organize security monitoring and response. Service providers don't necessarily have recurring income sources linked to a software, given that they charge for the labor (one time event) but not usage (long-term event). What happens if I'm no longer involved with a software: am I still liable for what I wrote in the past, and people still use for free, but I should still bear the costs while no longer getting any related revenue ? Even -- http://www.spatialys.com My software is free, but my time generally not. ___ Discuss mailing list Discuss@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/discuss
Re: [OSGeo-Discuss] [Board] EU Cyber Resilience Act - potential impacts on open geospatial software?
Thanks for setting that up, can we add it to the website ad an event or news item? That way it can be shared on social media and email lists. The missing voice on this discussion (and osgeo in general) is the small and medium business owners. A whole bunch of the concern is the impact on small and medium business owners. We have not yet heard from our service providers and sponsors on this subject. As a North American I have concern(s) and care - but am not sure how to support this process. Jody On Fri, Aug 18, 2023 at 3:39 AM Angelos Tzotsos via Board < bo...@lists.osgeo.org> wrote: > Hi all, > > We are planning to make a community meeting about the EU CRA, so we can > discuss our action plan forward. > > The meeting is planned for Tuesday 22 Aug 13:00 UTC in our Jitsi room: > https://meet.jit.si/OSGeo > > Best, > Angelos > > On 7/22/23 00:20, Adam Steer via Discuss wrote: > > Hi OSGeo > > > > The European Union's proposed Cyber Resilience Act has just come to the > > attention of many non-EU folks as a potential dampener on open source > > geospatial software development and usage. A summary from GitHub is here > > (thanks Marco Bernasocchi for pointing it out): > > > > > https://github.blog/2023-07-12-no-cyber-resilience-without-open-source-sustainability/ > > > > It's being discussed in the OSGeo board, and some responses from other > > open source organisations have already been made, for example: > > > https://newsroom.eclipse.org/news/announcements/open-letter-european-commission-cyber-resilience-act > > > > It would be great to hear your thoughts on the impact of the proposed > > legislation on open source geospatial software development across the > > globe - so we can form an appropriate community response as soon as > > possible. What are your thoughts? > > > > Yes, we're late in gettung our attention on to this. Hopefully not too > > late. > > > > Thanks, > > > > Adam > > > > -- > > Dr. Adam Steer > > OSGeo director > > > > > > ___ > > Discuss mailing list > > Discuss@lists.osgeo.org > > https://lists.osgeo.org/mailman/listinfo/discuss > > -- > Angelos Tzotsos, PhD > President > Open Source Geospatial Foundation > http://users.ntua.gr/tzotsos > > ___ > Board mailing list > bo...@lists.osgeo.org > https://lists.osgeo.org/mailman/listinfo/board > -- -- Jody Garnett ___ Discuss mailing list Discuss@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/discuss
Re: [OSGeo-Discuss] EU Cyber Resilience Act - potential impacts on open geospatial software?
Hi all, We are planning to make a community meeting about the EU CRA, so we can discuss our action plan forward. The meeting is planned for Tuesday 22 Aug 13:00 UTC in our Jitsi room: https://meet.jit.si/OSGeo Best, Angelos On 7/22/23 00:20, Adam Steer via Discuss wrote: Hi OSGeo The European Union's proposed Cyber Resilience Act has just come to the attention of many non-EU folks as a potential dampener on open source geospatial software development and usage. A summary from GitHub is here (thanks Marco Bernasocchi for pointing it out): https://github.blog/2023-07-12-no-cyber-resilience-without-open-source-sustainability/ It's being discussed in the OSGeo board, and some responses from other open source organisations have already been made, for example: https://newsroom.eclipse.org/news/announcements/open-letter-european-commission-cyber-resilience-act It would be great to hear your thoughts on the impact of the proposed legislation on open source geospatial software development across the globe - so we can form an appropriate community response as soon as possible. What are your thoughts? Yes, we're late in gettung our attention on to this. Hopefully not too late. Thanks, Adam -- Dr. Adam Steer OSGeo director ___ Discuss mailing list Discuss@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/discuss -- Angelos Tzotsos, PhD President Open Source Geospatial Foundation http://users.ntua.gr/tzotsos ___ Discuss mailing list Discuss@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/discuss
[OSGeo-Discuss] NARSS appointed as North African open science platform regional node
Dear colleagues, Happy to share this excellent news of National Authority for Remote Sensing and Space Sciences (NARSS), Egypt selected to operate as North African Open Science Platform Regional Node for the African Open Science Platform (AOSP). Thank you to Dr. Rania Elsayed for sharing this excellent updates. More details at https://www.nrf.ac.za/the-african-open-science-platform-appoints-three-regional-nodes/ https://aosp.org.za/2023/06/19/the-african-open-science-platform-appoints-three-regional-nodes/ May I request that if you have published new research papers and articles in geospatial science , please share the publication details to Professor Nikos Lambrinos (Chief Editor , GeoForAll Newsletter) so he can include the information in the next edition of GeoForAll newsletter to share with the global community. Thank you. Best wishes Suchith From: Rania Elsayed Sent: 17 August 2023 21:20 To: Suchith Anand Subject: Re: [Geo4All] NARSS appointed as North African open science platform regional node Dear Prof. Suchith I am thrilled to inform you that NARSS has been selected to operate as North African Open Science Platform Regional Node for the African Open Science Platform(AOSP). The role of the AOSP regional nodes is to support and promote efforts aligned with implementation of open science programs at a regional level, strengthen knowledge networks and infrastructure access, and enhance cooperation between regions and globally in support of the AOSP’s vision. The appointment will be for a five-year term (kindly see the attached letter). May you share these news with geo4all group, please. Kind regards On Thu, 17 Aug 2023, 11:18 pm Rania Elsayed, mailto:ranyaalsa...@gmail.com>> wrote: Dear Prof. Lambrinos I am thrilled to inform you that NARSS has been selected to operate as North African Open Science Platform Regional Node for the African Open Science Platform(AOSP). The role of the AOSP regional nodes is to support and promote efforts aligned with implementation of open science programs at a regional level, strengthen knowledge networks and infrastructure access, and enhance cooperation between regions and globally in support of the AOSP’s vision. The appointment will be for a five-year term (kindly see the attached letter). Kindly can you share these news with geo4all group and also in the next issue, please. Kind regards On Thu, 10 Aug 2023, 10:29 am , mailto:labri...@eled.auth.gr>> wrote: Dear all, August 2023 issue has been uploaded onto GeoForAll website (https://www.osgeo.org/initiatives/geo-for-all/ and/or https://www.osgeo.org/initiatives/geo-for-all/geo-newsletters-archive/) in pdf format and in Spanish. I would like to thank all those who helped with their contributions to have both editions and ask for new volunteers to join the Newsletter by sending their articles, announcements, news, etc. For those who would like to send articles, news, etc., to be published in the next issue (September 2023 issue) please keep in mind that the deadline is August 27. Please, if you know about a conference/webinar or you are going to organize one, send a reminder much earlier so we can disseminate it through our Newsletter. Have a nice reading Nikos Lambrinos Διευκρίνιση ηλεκτρονικού ταχυδρομείου Οι πληροφορίες που συμπεριλαμβάνονται σε αυτό το μήνυμα είναι εμπιστευτικές και η χρήση τους επιτρέπεται μόνον από τον αναφερόμενο παραλήπτη. Εάν έχετε λάβει το παρόν μήνυμα από λάθος και δεν είστε ο προοριζόμενος παραλήπτης, σας ενημερώνουμε ότι αποκάλυψη, αναπαραγωγή, διανομή ή οποιασδήποτε άλλης μορφής χρήση των περιεχομένων του παρόντος μηνύματος απαγορεύεται. Επίσης παρακαλείσθε να αποστείλετε το αρχικό μήνυμα στην διεύθυνση του αποστολέα, καθώς και στη συνέχεια να διαγράψετε το μήνυμα από το σύστημά σας. Η επικοινωνία μέσω Internet δεν είναι ασφαλής και επομένως το ΑΠΘ δεν φέρει ευθύνη για οποιαδήποτε θετική ή αποθετική ζημιά που προκλήθηκε από την χρήση του παρόντος ή των συνημμένων του λόγω ιών που έχουν περάσει σε αυτά. Σας Ευχαριστούμε, Αριστοτέλειο Πανεπιστήμιο Θεσσαλονίκης Email Disclaimer The information in this email is confidential and is intended solely for the addressee(s). If you have received this transmission in error, and you are not an intended recipient, be aware that any disclosure, copying, distribution or use of this transmission or its contents is prohibited. Furthermore, you are kindly requested to send us back the original message to the sender’s address and delete the message from your system immediately. Internet communications are not secure and therefore AUTH does not accept legal responsibility for the contents of this message and for any damage whatsoever that is caused by viruses being passed. Thank You, Aristotle University of Thessaloniki Δρ. Νίκος Λαμπρινός Καθηγητής
