Re: [OSGeo-Discuss] Cyber Resilience Act staying informed on updates

2023-12-17 Thread Jody Garnett via Discuss
Even,

I think we will need to let this rest for a bit. As I understand it each
bullet point on this topic has been shared; and they wrote some
clarifications elsewhere about what they intended.

I now saw a photo online and those two quotes are actually all there is to
work with.

> the provision of free and open-source software products with digital
> elements that are not monetised by their manufacturers is not considered a
> commercial activity

The first bullet point appears to acknowledge that going after
organizations like OSGeo with no income is not going to be effective.

However it opens the door to abuse, using open source to disrupt -
commoditize a market that supports a competitor for example.

> The mere circumstances under which the product has been developed, or how
> the development has been financed should therefore not be taken into
> account when determining the commercial or non-commercial nature of

This seems to be a response to the tension between closed source being
developed in private and open source being developed in public. Think
focusing on releases rather than a public repository or release candidates.


--
Jody Garnett


On Wed, Dec 6, 2023 at 9:49 AM Even Rouault wrote:

> Hi Jody,
>
> thanks for the update.
>
> The clarification of point 3 is still fuzzy to me. What do they actually
> mean by "monetised by manufacturers". Is monetizing only when the software
> is open source but people have to pay to use it on SaaS or similar models?
> Otherwise if it is about money being involved in the making of the open
> source software, then that contradicts the second point that how the
> development was financed shouldn't be taken into account to determine
> commercial activity... Is consulting about open source software
> "monetizing" it...?
>
> Even
> On 06/12/2023 at 16:09, Jody Garnett via Discuss wrote:
>
> Follow up to November discussion and blog post asking OSGeo community to
> be informed.
>
> 1. At the end of November European lawmakers agreed on something:
>    https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/
>
>    Free and open source was so far down the priority list that the press
>    release does not even mention it.
>
> 2. Next there were assurances that free and open-source community
>    concerns were addressed:
>    https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security
>
>    The quote did indicate how our concerns were addressed:
>
>    > We have ensured support for micro and small enterprises and better
>    > involvement of stakeholders, and addressed the concerns of the
>    > open-source community, while keeping an ambitious European dimension.
>
> 3. This week I can find articles providing clarifications that have
>    been added:
>    https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/
>
>    Two clarifications:
>
>    > the provision of free and open-source software products with digital
>    > elements that are not monetised by their manufacturers is not
>    > considered a commercial activity
>
>    > The mere circumstances under which the product has been developed,
>    > or how the development has been financed should therefore not be taken
>    > into account when determining the commercial or non-commercial nature
>    > of [making free and open-source software available on the market].
>
> —
> Jody
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
> --
> http://www.spatialys.com
> My software is free, but my time generally not.
>
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss


Re: [OSGeo-Discuss] Cyber Resilience Act staying informed on updates

2023-12-08 Thread Jody Garnett via Discuss
Thanks for the context and setting expectations.
--
Jody Garnett


On Dec 8, 2023 at 12:57:53 AM, Luís Moreira de Sousa <
luis.de.so...@protonmail.ch> wrote:

> Dear Jody,
>
> thank you for the update. The last "trilogue" took place on the 30th of
> November and OSS was finally considered. A final document is now closed and
> will proceed through the successive steps towards approval. The CRA will
> come into force stepwise as discussed before, but now on different
> dates: first tier in January of 2026 and fully in January of 2027.
>
> Various rumours have emanated out of the last "trilogue", sometimes
> conflicting. In truth the final document is not public, a clear
> understanding of its implications will not emerge before then. There are
> claims that Microsoft's concerns regarding distribution via code forges
> were addressed, but in parallel software stewards such as OSGeo will still
> be required to some form of compliance.
>
> This situation is certainly frustrating, but there is no point in
> speculating before the complete Act is made fully public.
>
> Best regards.
>
> --
> Luís
> On Wednesday, December 6th, 2023 at 4:09 PM, Jody Garnett via Discuss <
> discuss@lists.osgeo.org> wrote:
>
> Follow up to November discussion and blog post asking OSGeo community to
> be informed.
>
> 1. At the end of November European lawmakers agreed on something:
>    https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/
>
>    Free and open source was so far down the priority list that the press
>    release does not even mention it.
>
> 2. Next there were assurances that free and open-source community
>    concerns were addressed:
>    https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security
>
>    The quote did indicate how our concerns were addressed:
>
>    > We have ensured support for micro and small enterprises and better
>    > involvement of stakeholders, and addressed the concerns of the
>    > open-source community, while keeping an ambitious European dimension.
>
> 3. This week I can find articles providing clarifications that have
>    been added:
>    https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/
>
>    Two clarifications:
>
>    > the provision of free and open-source software products with digital
>    > elements that are not monetised by their manufacturers is not
>    > considered a commercial activity
>
>    > The mere circumstances under which the product has been developed,
>    > or how the development has been financed should therefore not be taken
>    > into account when determining the commercial or non-commercial nature
>    > of [making free and open-source software available on the market].
>
> —
> Jody
>
>
>


Re: [OSGeo-Discuss] Cyber Resilience Act staying informed on updates

2023-12-06 Thread Even Rouault via Discuss

Hi Jody,

thanks for the update.

The clarification of point 3 is still fuzzy to me. What do they actually
mean by "monetised by manufacturers". Is monetizing only when the
software is open source but people have to pay to use it on SaaS or
similar models? Otherwise if it is about money being involved in the
making of the open source software, then that contradicts the second
point that how the development was financed shouldn't be taken into
account to determine commercial activity... Is consulting about open
source software "monetizing" it...?


Even

On 06/12/2023 at 16:09, Jody Garnett via Discuss wrote:

Follow up to November discussion and blog post asking OSGeo community to
be informed.

 1. At the end of November European lawmakers agreed on something:
    https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/

    Free and open source was so far down the priority list that the
    press release does not even mention it.

 2. Next there were assurances that free and open-source community
    concerns were addressed:
    https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security

    The quote did indicate how our concerns were addressed:

    > We have ensured support for micro and small enterprises and
    > better involvement of stakeholders, and addressed the concerns of
    > the open-source community, while keeping an ambitious European
    > dimension.

 3. This week I can find articles providing clarifications that have
    been added:
    https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/

    Two clarifications:

    > the provision of free and open-source software products with
    > digital elements that are not monetised by their manufacturers is
    > not considered a commercial activity

    > The mere circumstances under which the product has been
    > developed, or how the development has been financed should
    > therefore not be taken into account when determining the
    > commercial or non-commercial nature of [making free and
    > open-source software available on the market].

—
Jody



--
http://www.spatialys.com
My software is free, but my time generally not.


[OSGeo-Discuss] Cyber Resilience Act staying informed on updates

2023-12-06 Thread Jody Garnett via Discuss
Follow up to November discussion and blog post asking OSGeo community to
be informed.

   1. At the end of November European lawmakers agreed on something:
      https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/

      Free and open source was so far down the priority list that the press
      release does not even mention it.

   2. Next there were assurances that free and open-source community
      concerns were addressed:
      https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security

      The quote did indicate how our concerns were addressed:

      > We have ensured support for micro and small enterprises and better
      > involvement of stakeholders, and addressed the concerns of the
      > open-source community, while keeping an ambitious European dimension.

   3. This week I can find articles providing clarifications that have
      been added:
      https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/

      Two clarifications:

      > the provision of free and open-source software products with digital
      > elements that are not monetised by their manufacturers is not
      > considered a commercial activity

      > The mere circumstances under which the product has been developed, or
      > how the development has been financed should therefore not be taken
      > into account when determining the commercial or non-commercial nature
      > of [making free and open-source software available on the market].

—
Jody