Re: [open-regulatory-compliance] Is there anything outside the scope of

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?

From: Jeremy Stanley <jeremy@xxxxxxxxxxxxx>
Date: Thu, 2 Jan 2025 14:21:04 +0000
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>

On 2025-01-02 13:35:49 +0100 (+0100), Olle E. Johansson via open-regulatory-compliance wrote:
[...]
> I am getting a lot of questions and hear discussions about source
> code availability not meaning “placing a product on the market”.
> This needs to be clarified for both these cases.

Same, but also a lot of the projects I'm involved in are implemented
in interpreted languages, where the "source code" is what users are
often consuming. These projects seek to limit their own liability
and clarify their responsibilities to users by explicitly avoiding
distributing any artifacts that would bundle third-party code
(dependencies and base systems) except where such artifacts are
clearly labeled as non-production examples or test configurations.

Still, I'm unclear on the extent to which this minimizes user
expectations in reality; I hear numerous reports of users operating
such "non-production" artifacts in production environments because
it's easier for them than actually building their own. To what
extent are projects creating an attractive nuisance by making
available these sorts of example builds and container images,
knowing that users will still frequently disregard warnings and
disclaimers for the sake of convenience?
-- 
Jeremy Stanley

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
  - From: Dirk-Willem van Gulik

References:
- [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
  - From: Idelberger, Florian (IIWR)
- Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
  - From: Ilu
- Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
  - From: Daniel Thompson-Yvetot
- Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
  - From: Olle E. Johansson
- Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
  - From: Dirk-Willem van Gulik
- Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
  - From: Olle E. Johansson

Prev by Date: Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
Next by Date: Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
Previous by thread: Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
Next by thread: Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
Index(es):
- Date
- Thread

Breadcrumbs