Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] CRA discussion topics and activities 
Some reactions to this.

The point that you as a manufacturer put something in the market you are responsible for it. That is undebatable, but I think it needs to be recognized that someone can be both a Steward and a Manufacturer but for different things. That is a complicated situation since open source is not a "golden ticket" to get out of that manufacturer responsibility.

Further to the last point, some will not meet what the market needs. That much is clear, but we should aim to make that as simple as possible to ensure that we do not create 1st, 2nd, 3rd and so on grade projects when it comes to CRA readiness. This group needs to look out for all of the small stewards as well to ensure that we do not end up with a monoculture of open source projects all under the roof of one or a few relatively resource rich foundations (hopefully you guys will understand the spirit of that, I know most if not all foundations are in dire need of more funding). There will still be advantages and market shares to be gained by projects that offers what the downstream needs beyond just the code. Best case is that we can help to make sure that its not so resource intensive to have a reasonably good readiness to meet the market need.

BR J

-----Original Message-----
From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Dirk-Willem van Gulik via open-regulatory-compliance
Sent: den 14 juni 2024 16:00
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Dirk-Willem van Gulik <dirkx@xxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] CRA discussion topics and activities

On 14 Jun 2024, at 14:29, Olle E. Johansson via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

> This can of course also lead to interesting situations where the
> maintainers don’t accept a fix provided, but either fix in another way or don’t acknowledge the problem.
>
> In that situation, how will integrators react? I think there are good answers and really disturbing answers based on my experience.
>
> The text in the CRA just puts the obligation on the integrator, not on the project to accept the fixes.

Not sure - but it may be needed that we approach this by lifting the helicopter; and first take `us' out of the equation.

I.e. fundamentally - you as a manufacturer are responsible for what you place in the market. All of it. Simple. No if's and buts.

That is the baseline. Now it may be that you can source some of your software from others. But again - here you, as the entity that placed it on the market, are the one in the hot seat. Not the upstream.

And with that - turn the attention to the open source stewards -- and determine how they best can (still) be useful.

That said - I fully expect you to be right - and that we will see upstream parties not `meeting' what the downstreams need when they place something in the market; and as a result - no longer take from that upstream -or- make business case to do it all in house.

And then we are back at the usual opensource win-win v.s. market balance?

Dw




_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org/

Back to the top