That is <i>incredibly rich</i> coming from __FileZilla__, one of the few OSS projects that accepts money from <i>malware makers</i> to catch out unwary windows users.<p>I wonder if they're actually more worried about having the EU go after them legally if some EU member loses data or money directly because of that malware?
> The CRA goes against this principle by imposing unavoidable liability on producers of free software, requiring them to make their development, testing, and documentation activities much harder and complex.<p>If the EU wants this, they should use part of their budget to fund it.<p>This is the same argument for businesses using FOSS, if you want support, pay for it, otherwise you get what you pay for.
I see that the Linux Foundation has posted a blog opposed to this. I wonder if they could single-handedly destroy this legislation by revoking the license for Linux in the EU.<p>Of course this would be difficult because existing contributions can't be relicensed. But they could maybe start accepting new patches with a non-Eurpoe license. Or does the GPL prevent this as they are building on GPL code and need the same license? I double the EU would be ok with running on outdated Linux or trying to maintain their own.
Unpopular thought, but eu’s CRA may reduce open source software availability, increasing scarcity and thus leading to a potential indie market. Software is one of the few industries where people have freely made the product of their labor available in large quantity, dramatically reducing their prospect of earning independently just by writing software. The more indie software makers the more proper engineering can be done - as opposed to simply giving it for free to corporations.
TLDR: In protest of the Cyber Resilience Act. FOSS projects have been raising alarms for a while. Today ITRE voted. Now it's game over for FOSS in Europe
is there a explainer of what the legislation is supposed to do and how does it harm foss?<p>i have had trouble with understanding the push for EVERYONE doing https even in localhost because "security". boo.<p>i live in a place where by law ISPs need to have DPI. they can access any communication regardless of SSL or https or anything in between so why should i bother with the added nonsense of "much security" when it is not supposed to even work?<p>i understand there are attempts to make https to be as transparent when it works but why should that not be restricted to banking transactions or login pages and payment links? again, DPI.<p>now this cyber resillience act which i am assuming wants to "security".<p>what kind of security?