|
Afaik you cannot automatically assume „license is FOSS“ == no manufacturer. This is especially so as the legislators especially wanted to cover cases like Chromium and similar. So in the case where „BigCo“ empty all committers of a project and are using
it in some commercial fashion - even for advertising, market capture or whatever, they would probably qualify as manufacturer.
Regarding the case where some deploys a FOSS project for someone - maybe we can compare it to the case that was brought up where someone deploys a configured and/or customized FOSS product for a client. As a product doesn’t have to be publicly available
on the market to qualify as being available on the market, it is likely that even if such a custom product is used by a client, it counts as being available on the market. Thus there would be an obligation to comply. And this could be similar to deployments
of tomcat for example - not if they are merely installed, but if they are modified in some way at least. (Would have to spend more work to provide citations, which I cannot do right now, so I hope it’s fine like this for now)
--
Dr. Florian Idelberger
Karlsruher Institut für Technologie (KIT)
Zentrum für Angewandte Rechtswissenschaft (ZAR)
Institut für Informations- und Wirtschaftsrecht
Vincenz-Prießnitz-Str. 3, D-76131 Karlsruhe
E-Mail: florian.idelberger@xxxxxxx
KIT - Universität des Landes Baden-Württemberg und
nationales Forschungszentrum in der Helmholtz-Gemeinschaft
Am 04.07.2024 um 22:18 schrieb Georg Kunz via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>:
Hi DW, all,
8) If BigCo employs ALL of committers of the Tomcat project and allows them to work on Tomcat tasks as part of their employment does that change the answers to Q1 & Q2?
I think we need to distinguish two cases: is Tomcat already hosted at a foundation or not. It Tomcat IS hosted at a foundation, then I agree
with Fukami that the answer does not change.
-
This is one aspect I have been wondering about regarding attempts to define a diverse project: communities change over time. As technology evolves and changes in adoption, some formerly very diverse projects may become
(or appear like) single vendor projects – potentially simply because that particular company keeps maintaining the project while all others have jumped ship. I think it would be counter-productive to the projects and all adopters to have a potential point
in time when the classification of a project changes. And I think the Steward concept helps in this context to create stability: As long as the project is overseen by a steward, that classification should not change.
Best regards
Georg
From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> on behalf of Dirk-Willem van Gulik via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
Date: Thursday, 4. July 2024 at 14:10
To: Christian (fukami) Horchert <chorchert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Cc: Dirk-Willem van Gulik <dirkx@xxxxxxxxxxxxxx>, Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] More edge cases
On 4 Jul 2024, at 13:53, Christian (fukami) Horchert <chorchert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 4 Jul 2024, at 13:30, Dirk-Willem van Gulik via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
2) BigCo sells support for Tomcat. Their customers obtain Tomcat direct from the ASF and then BigCo
helps then install, configure.
Q1. Is BigCo subject to the CRA?
What is the product? Services and support are not within the scope of the CRA. It’s a product regulation.
This we are in agreement here.
My worry is getting into unwitting customers being instructed (or BigCo staff on-site) to do 'curl https://dist.apache.org/tomcat.sh | sh -' sort of blind install at the customer where
the relation with BigCo is basically 'tomcat as a supported product' -- and very much akin to how you now by "XXX app server powered by Apache Tomcat' where XXX is some brand name.
So the service really needs to be that. A service. And not a product in disguise.
8) If BigCo employs ALL of committers of the Tomcat project and allows them to work on Tomcat tasks as part of their employment does that change the answers to Q1 & Q2?
Ok - fair to surmise that you do not see a (legal, in the context of the CRA) distinction between a diverse open source community at some open source foundation maintaining code collectively
and a single vendor effort where staff at that vendor builds and maintains code. Which is then released under an open source license ?
I.e. the crux is wether that code is under an open source license or not. And if it is - it is not under the CRA ? Is that a fair summary ? Or am I oversimplifying things ?
_______________________________________________
open-regulatory-compliance
mailing list
open-regulatory-compliance@xxxxxxxxxxx
To
unsubscribe from this list, visit https://accounts.eclipse.org
|
