Re: [open-regulatory-compliance] More edge cases

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [open-regulatory-compliance] More edge cases

From: Federico Leva <federico.leva@xxxxxxxxxxxxxxxxxx>
Date: Mon, 8 Jul 2024 10:59:00 +0300
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=relexsolutions.com; dmarc=pass action=none header.from=relexsolutions.com; dkim=pass header.d=relexsolutions.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+Cm0s54JcxbQvrtw0k5a4B0uP+lAgM6co6uyrc3fjNY=; b=XWdN8NDa3dWBWgEL5wwscir2AJrWc3InOx2H+wN2Fm4ieSXX81vFGODOLukZ81oKXuLLakXi9Hu+8vrIjzWg8hGpwdTQuCqjTBWLLVgpphLIc8REcRsNHRF6nkXz8DFbOf5hswriAC8ehOs3DhLTb5LQ9/sqnr7QHYmDHXUN98a0zweyevSEdiUvABut5BgxRnZBRiBGb/Xo3TPhmWWZy0n9hnIsYJHom28H1RQIy/y/DaoKxyIYPtq9tkLwrD309JXTWUIHJSulmv/VtGVzrk2kVP8RtaelaMkXVYF7UnNe7zU5dWuiBOrSRd1HzUBp6dyC66fKAyXYNODZ2PR/Vw==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OBMjUDvyf78xkBEVxmcMcrbFMMKXewy/gRdHTgjtS2lk8pRm7ktsnv1KHivIDdlmtpoJTc+gLrOkmv7olsDRrV4xOeOWPa8iathG5Yc73bKBFmWPOJZDktcNYKH/zAOxq/U04f2R0EGcpljiSNyy4H70OqEBtHvbLH4BfHo/ZkdAZJBbLGy0XYMYXF5G6AWp6lz7qBu2kNpjOtFBeOFV+XSxTrfy2QL9X59650DZ9bXHsmyfxVTC+bKyceuqt5xSsy8kwYhpIY3UyJxZ4dEm9/r/yMoRbHLt7kCq2je1dkUChPrsJBQKSNw74Mn9+frxF+uZztvhM46SPKrWHGUgSA==
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
Organization: RELEX Oy
User-agent: Mozilla Thunderbird

(Warning: I've not yet read the latest version of the CRA from cover tocover, I may have missed some context or specific provision.)

Dirk-Willem van Gulik via open-regulatory-compliance kirjoitti 4.7.2024klo 14.30:

7) If BigCo produces "BigCo Web Server for Java that is based on Apache
Tomcat" then clearly they will be subject to the CRA for that product.

Are all your questions assuming the customer is never on the hook? Isthat because BigCo only sells their product to consumers for personalpurposes or what? Say the customer is an ISP or domain hoster whichsells web hosting on the side, aren't they supposed to be responsiblefor their webserver software? And if they ask BigCo to configure it forthem, does it really matter whether BigCo delivers the binaries or justuses a public distribution?

At $dayjob-1 we had a vendor which sold us a giant monolith web serviceshipped for RHEL only, with tomcat and a bunch of dependencies vendoredin. They required specific OS versions, configured all the dependencies,delivered everything in giant tarballs. Surely they're responsible forthe tomcat upgrades as part of the overall product. I sure hope thatdoesn't change if they decide to stop vendoring the dependencies and,say, install a pinned version from the RHEL repos.


Best,
	Federico

Follow-Ups:
- Re: [open-regulatory-compliance] More edge cases
  - From: Dirk-Willem van Gulik

References:
- [open-regulatory-compliance] More edge cases
  - From: Dirk-Willem van Gulik

Prev by Date: [open-regulatory-compliance] CRA consultations - Monday, July 8th - Smart home virtual assistants
Next by Date: Re: [open-regulatory-compliance] More edge cases
Previous by thread: Re: [open-regulatory-compliance] More edge cases
Next by thread: Re: [open-regulatory-compliance] More edge cases
Index(es):
- Date
- Thread

Breadcrumbs