Hi Olle, all,
Thank you very much for bringing up those questions and examples. I think they very much underline the need to have a discussion in this group about the relationships,
roles and responsibilities of Open Source Stewards and all other members of the community at large – at the very least to provide guidance.
With regards to Olle’s question in particular, a flow-chart like the one shown at FOSDEM ([1], slide 12) could be helpful – in this or a refined form. I believe that
similar (original) versions were created by the community during the CRA discussions last year, so we may have some existing material to review or build upon.
[1]
https://fosdem.org/2024/events/attachments/fosdem-2024-3683-the-regulators-are-coming-one-year-on/slides/22201/Slides_CRA_FOSDEM_v3_ukPnQUG.pdf
Best regards
Georg
From:
open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> on behalf of Olle E. Johansson via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
Date: Tuesday, 18. June 2024 at 08:06
To: Dirk-Willem van Gulik <dirkx@xxxxxxxxxxxxxx>
Cc: Olle E. Johansson <oej@xxxxxxxxxx>, Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] CRA discussion topics and activities
On 17 Jun 2024, at 15:12, Dirk-Willem van Gulik <dirkx@xxxxxxxxxxxxxx> wrote:
On 17 Jun 2024, at 09:16, Olle E. Johansson via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
I have been working with Open Source for many years, but not with any project that was hosted by a foundation. It is important to keep the scope wide to cover everything from one-person projects to large industry collaboration - without
(as you point out) grading projects.
Agreed with the sentiment - but I think there is a fairly specific ‘line in the sand’ here — and that is if you go to Article 3 — that you basically are, by default, someone that places things on the market, a manufacturer — and you need
to comply with the whole CRA.
Regardless if you are a one-person project/company or a mega enterprise.
To be more clear: Kamailio.org is a project without a legal entity. Someone registred the domain and there is a “management group” of people in various companies. How would CRA handle this? Who places the Kamailio “product” on the market?
There has also been discussions about the difference between providing source code and binaries. If the project only provide source code - is that “placing a product on the market”? If they provide packages or containers with pre-built
binaries - does that make a difference?
These are things that we need to help the open source community to sort out.
If you place things on the market for others - you need to comply.
And then there is a very narrow area for a very well “behaved” and organisationally quite mature open source steward that can (proof how they) provide sustained, systematic support for the development of open source that is intended for
commercial activities*. And have the organisational maturity to govern this capability well. I.e. it does not rely on happenstance or good intentions.
But that is a fairly tall order - and quite narrow compared to the default. Most entities will be the default - and not classified as open source stewards.
Right.
/O
*) “open-source software steward means a legal person, other than a manufacturer, that has the purpose or objective of systematically providing support on a sustained basis for the development of specific products with
digital elements, qualifying as free and open-source software and intended for commercial activities, and that ensures the viability of those products;
|
