Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty

Seth,

 

Did that party identify any specifics regarding the EU-CRA open-source expectations that they are most concerned about?

 

Business Cyber Guardian is seeking to understand more details about the EU-CRA. Specifically, we are interested in knowing who/what is considered an “open-source software steward” and what the obligations of an open-source software steward are.

 

 

Thanks,

 

Dick Brooks

  

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

Risk always exists, but trust must be earned and awarded.

https://businesscyberguardian.com/

Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx

Tel: +1 978-696-1788

 

 

From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Seth Michael Larson via open-regulatory-compliance
Sent: Thursday, December 19, 2024 10:49 AM
To: open-regulatory-compliance@xxxxxxxxxxx
Cc: Seth Michael Larson <sethmichaellarson@xxxxxxxxx>
Subject: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty

 

Hello all, hope you are doing well.

 

I was shared this example by Jarek Potiuk from Airflow, a case where an open source maintainer is planning to completely remove their project from PyPI due to the CRA uncertainty and obligations. I think this shows how important having a factual, up-to-date, TLDR-style blog post about the current state of affairs would be from our group, especially for open source projects under foundations and those maintained by individuals.

 

Seth Larson

