Hi all,
I'm preparing a form to gather your input on CRA-related discussion topics and activities you'd like to get involved with.
Here's a list of general topics taken from Gaël's presentation yesterday:
- CRA reading group
- Building support documentation (glossary, collecting references, etc.)
- How to ensure effective participation in the EU standardization process
- How to provide input to the EU Commission in general (and about product categorisation in particular)
- CRA impact on Open Source Stewards / foundations
- CRA impact on open source consumers (SMEs / enterprise / OSPOs)
- CRA impact on single-vendor open source
And here's a list of the more technical topics he shared:
- Standards for identifiers (CPEs), version numbers, end-of-live status & dates, referencing (transitive) dependencies, etc
- Standards for releases, recall, EOL
- Secure by design
- Open source supply chain security
- Vulnerability handling
- Software lifecycle; including post EOL vulnerabilities
Any pressing topics I'm missing?
Thanks for your input,
--tobie
---
Tobie Langel
Tech Lead ORC WG, Eclipse Foundation
Principal, UnlockOpen