The EU Cyber Resilience Act will introduce new cybersecurity requirements for software released in the EU. Learn what it means for your open source projects and what GitHub is doing to ensure the law will be a net win for open source maintainers.
So, if a company decides to, for example, start using some MIT licensed software, does that suddenly materialize extra responsibilities for that software’s dev?
My understanding is that the company would be regulated by CRA and not the developer. However, that does not stop the company from pushing the developer for CRA compliance.
That’s actually pretty reasonable. I’d be happy to make my open source projects compliant for a company - but they can damn well pay me for the effort.
From a corps POV,
FOSS is free as in let 'em starve, not as in funding
Am I wrong?
Indeed, that’s why I use the AGPL license. Corporations hate it because it forces them to give back.
It's free as in go pound sand if you aren't going to fund maintainers.
It doesn’t force them to do anything until devs refuse to work for any company that doesn’t.
I’m with you on AGPLv3+. The copyright recognition document comes before the resume.