Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty

I know it is possible to transfer a GitHub repo to another party, but I'm
not sure if this act would exempt a party from lawful requirements.

Thanks,

Dick Brooks
   
Active Member of the CISA Critical Manufacturing Sector, 
Sector Coordinating Council - A Public-Private Partnership

Never trust software, always verify and report!™
Risk always exists, but trust must be earned and awarded.™
https://businesscyberguardian.com/ 
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788


-----Original Message-----
From: open-regulatory-compliance
<open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Olle E.
Johansson via open-regulatory-compliance
Sent: Thursday, December 19, 2024 11:30 AM
To: Open Regulatory Compliance Working Group
<open-regulatory-compliance@xxxxxxxxxxx>
Cc: Olle E. Johansson <oej@xxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Maintainer considering removing
project due to CRA obligations and uncertainty



> On 19 Dec 2024, at 17:20, Maarten Aertsen via open-regulatory-compliance
> <open-regulatory-compliance@xxxxxxxxxxx> wrote:
> 
> On Thu Dec 19, 2024 at 17:08 CET, Federico Leva via
> open-regulatory-compliance wrote:
>> I'd be particularly interested in a description of the minimum steps 
>> required to transfer CRA responsibilities to a FLOSS steward, say 
>> hypothetically the PSF or a cooperative of Python consultants. The 
>> risks for individuals may be overstated, but it seems there's demand 
>> for an "insurance" to absorb these risks, and pooling them should help.
> 
> I am not at all sure if there is such a thing. If an individual meets the
> criteria for Manufacturer, there is no transfer possible. If they don't meet
> those criteria, they are out of scope and a transfer is unnecessary.

Surely there has to be a transfer possibility. Companies buy companies,
software changes ownership. There must be a possibility to retire here.

> 
> My perspective on what's needed, is more accessible guidance from credible
> sources and active outreach to get guidance to the right places. Individuals
> who spend their spare time maintaining digital infrastructure should not
> need to fear this law, but clearly, in some cases they do.

Agree fully.

/O
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org


