Raito Bezarius
@dymaxion @whitequark @Di4na I mean, I am aware of the ongoing legislation efforts towards making sense out of the computer ecosystem when it comes to liability question.
But I think it's pretty unrealistic to expect this to be figured out without at least multiple phases.
If some legal ecosystem decide to punish OSS maintainers, this is just going to affect the performance of that legal ecosystem at this point.
So I doubt that a stupid law would stay for too long, except in the US?
✧✦Catherine✦✧
@raito @dymaxion @Di4na also, by no means I am *ignoring* the question; rather, I'm actively opposing the efforts that I think are misguided. that is, of course, not the only thing I'm doing or going to do
✧✦Catherine✦✧
@resuna @dymaxion @raito @Di4na also my "hobby" projects--one of which happens to power Tor these days--do a lot better security-wise than what's currently accepted in the industry :p
Eleanor Saitta
@raito
It kind of boggles my mind that folks who write software with the hope of it being used as part of a global ecosystem wouldn't really care whether their software or that ecosystem is secure. Like, sure, if it's your hobby and you don't really care about its impact on the world, you do you? It's exactly the same sort of "negative externalities aren't my problem" attitude that we decry up and down everywhere else.
But yeah, I guess framed that way, the only thing they will make those devs understand that they have to care is liability, the same as everyone else in that situation. It just happens here that liability will probably also destroy the ecosystem at massive cost to us all.
@whitequark @Di4na
Resuna
@dymaxion @raito @whitequark @Di4na
> Like, sure, if it's your hobby and you don't really care about its impact on the world, you do you?
I think the assumption should be that if they're not getting paid for it they're amateurs by every possible definition, so yeh, you shouldn't be hassling them about whether they're a solid part of the supply chain.
Liability without remuneration is tyranny.
Raito Bezarius
@dymaxion @whitequark @Di4na Right, but, then, I think we are maybe discussing two different things? Most OSS devs are not concerned by supply chain security, it's delusional IMHO to try to move the Overton window on this matter, at this point in time.
Commercial interests are in the range of the CRA and we will see how it translate into benefits for the overworked burnout OSS maintainers in the community.
Whether the signal is positive/negative shall guide where the Overton window move?
Eleanor Saitta
@raito
I am, yes. I think it's a pretty solid balance, at the level I've read so far, and they we could do a lot worse, as a model text. It came about in part because the EU does listen to actively engaged folks from civil society, including FOSS devs, when they're willing to engage with the debate on the EU's terms. Hopeful the existing version will be improved where necessary and reasonable and adopted. It's entirely possible, though, that it will be seen as insufficient.
The exclusions in there were not put there by folks objecting to the fundamental framing.
@whitequark @Di4na
Raito Bezarius
@dymaxion @whitequark @Di4na I take you are familiar with the CRA situation then? Do we share the same understanding of the CRA text and the fact that it *does* exclude quite explicitly OSS developers and so on, in various practical ways?
Eleanor Saitta
@raito
Much more likely to becomea law in Europe than the US, honestly. And it might get revised quickly, but quickly in EU terms is at least a decade.
@whitequark @Di4na
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.