[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [open-regulatory-compliance] CRA discussion topics and activities
|
On 14 Jun 2024, at 14:29, Olle E. Johansson via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
> This can of course also lead to interesting situations where the maintainers don’t accept a fix
> provided, but either fix in another way or don’t acknowledge the problem.
>
> In that situation, how will integrators react? I think there are good answers and really disturbing answers based on my experience.
>
> The text in the CRA just puts the obligation on the integrator, not on the project to accept the fixes.
Not sure - but it may be needed that we approach this by lifting the helicopter; and first take `us' out of the equation.
I.e. fundamentally - you as a manufacturer are responsible for what you place in the market. All of it. Simple. No if's and buts.
That is the baseline. Now it may be that you can source some of your software from others. But again - here you, as the entity that placed it on the market, are the one in the hot seat. Not the upstream.
And with that - turn the attention to the open source stewards -- and determine how they best can (still) be useful.
That said - I fully expect you to be right - and that we will see upstream parties not `meeting' what the downstreams need when they place something in the market; and as a result - no longer take from that upstream -or- make business case to do it all in house.
And then we are back at the usual opensource win-win v.s. market balance?
Dw
