Re: [open-regulatory-compliance] Maintainer considering removing project

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty

From: Federico Leva <federico.leva@xxxxxxxxxxxxxxxxxx>
Date: Mon, 23 Dec 2024 11:23:59 +0200
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=relexsolutions.com; dmarc=pass action=none header.from=relexsolutions.com; dkim=pass header.d=relexsolutions.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8hlSQvgiYEIY8XPglD+faQVcd225tkOpOJLSW+510C0=; b=j8UV6n+MkaEn64muz+8Z3YSQ5nXMEgsHgGYXvcnitwYP1swXkjeqzXCZS2/KlapgE1k8odccG/U13BDUw/qTnjRSbTuduGL4d6Jz88B2s+czTGt5U2lLl/ScFQZsplPOeRehuDkAEi44qQqxQkQtRFlO8MpP1EWfQ4kEkndQ+1djboySgMto5ho/s9xGsIAiGEYhy+IMub3USVIa4CqjyCnJON+ywx2PpghbRMNgdoQMPVuk5srcZGz6174aKrDjodnkRdxiCrpmjbbWB6ZmIUJPwSqDokFFsRDpa9CjF5KCIdP7Z9J8xM4azgQfPC7OggvKY8ueRRpXAsPC01lfzQ==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PjLclXgI1DLwkyHz1zrNGGnidVxALFeH9LY0SfBYa0srVBpyFC06aazIZOi2A99UibD2ZB5GPYRROwY8QH/HbkAXTgDAD4z6MjY4dFP1XU12zpmkSCccRg3aMfOL/4qVswOX+/Ijk6lddzcz82np2xmBre3k5byw/88OyHRYT86mRwIDJ9z7YiMGV6chORKwwmdq7Bh0aUTCONOL692L8fGoYqND8B96/J0nNopOTNVKORWGmA6jjF1DrCHjzLK5FIFfdGdjA4nkdvwunJcCA1gvLc840aIti59ba8x5lEexn0Luwnr12uT62e0/wogpBSwRe80Cxz9pZEEojrMDhw==
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
Organization: RELEX Oy
User-agent: Mozilla Thunderbird

Seth Michael wrote on 2024-12-19:

I'm not sure the PSF or any other foundation like it is in a position to absorb
all projects under, in our example, PyPI. However, we still have our eyes on
lowering the bar, for example I have plans this upcoming year to make complying with the "vulnerability reporting"
and "market surveillance compliance" easier for maintainers. Things like an official
location for a security policy, report a vulnerability, and a process for contacting all relevant market
surveillance groups (CISA, ENISA, etc) in the case of actively exploited vulnerabilities.

Thanks! I suspect people mostly want to outsource having to *think*about these things. To a certain extent that's not possible, but withouta massified solution we're likely to end up with useless andcounterproductive practices like the cookie banners which do nothing butannoy people (as they don't actually fix the legal basis for whateveryou're doing).

PyPI is a massive undertaking so it's hard to think of one-size-fits-allsolutions, but it *might* be possible to collect the most salientinformation from maintainers and automatically generate some suggestionsboth for the maintainers and the reusers (including the hopefully mostcommon case "you probably don't have to worry").


Best,
	Federico Leva

References:
- [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty
  - From: Seth Michael Larson
- Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty
  - From: Federico Leva
- Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty
  - From: Maarten Aertsen
- Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty
  - From: Olle E. Johansson
- Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty
  - From: Dick Brooks
- Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty
  - From: Seth Michael Larson

Prev by Date: Re: [open-regulatory-compliance] Flowchart from a natural person's perspective -- straw man
Next by Date: Re: [open-regulatory-compliance] FAQ - does the CRA impact me
Previous by thread: Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty
Next by thread: Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty
Index(es):
- Date
- Thread

Breadcrumbs