Does a FOSS product need to have a steward to be considered a “maintained product” with support?
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™
Risk always exists, but trust must be earned and awarded.™
https://businesscyberguardian.com/
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788
From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Daniel Thompson-Yvetot via open-regulatory-compliance
Sent: Friday, December 20, 2024 9:36 AM
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Daniel Thompson-Yvetot <denjell@xxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] FAQ - does the CRA impact me
Bibliographic reference for the "is your project covered" image:
Benjamin Bögel
European Commission, DG CONNECT
Slides CRA ORC v1
Attaching (what I think you meant) Christian's image
So let's try this (Thanks Ole for the suggestion). Start below.
Dw.
So one of the most authoritative things we have is this diagram (even though Maarten@NLNet his diagram is much nicer) created by the European Commission:
(todo - get original, date and bibliographic data)
Given this - the first order set of Frequently Asked Questions by anyone navigating are I think the following.
And I've put some strawman-annswers with each.
1) What is `providing' ?
=> Can we turn this around - i.e. define Contributing well; and anything more is Providing.
=> The crux here is that contributing means a transfer to *another* party.
So if you are contributing bug fixes, patches and so on from your self or your company to an organisation (and the need for a Committer License Agreement (CLA) is a verygood indicator for this) you are generally not a provider but a contributor.
If you are part of a group of people that, within that group, create code, fixes bugs, does releases and readies it for distribution - then that group is providing.
Note that an individual or a company can both be a contributor (Not in scope for the CRA) and part of an entity that provides.
And it is common for that individual (company or natural person) that is the Contributor to be disconnected from the Provider by means of a CLA.
2) What is `commercial activity in the broad sense' ?
==> No idea ? An activity that leads to a product being placed on the EU market is, IMHO, too wide.
3) What is a legal Person
=> The CRA and other EU regulation generally distinguishes natural persons (i.e. humans) and legal persons (i.e companies, foundations, trusts, societies).
However there is a catch - groups of people acting in concert are generally seen as a legal person as well - even if they did not bother to create a society, trust, foundation or company.
So in general - it is fair to assume that one natural person teaming up with another natural person - who then work together towards a common goal is to be seen as a legal person.
The converse is may also be true -- a single natural person who has not created some legal entity is likely out of scope.
4) When is FOSS _intended_ for commercial activities
=> Easier - can we turn this around - when is it clearly not ?
=> Or can we take a few characteristics; such as readily usable (i.e. make/build/test scripts, version numbers, release engineering, etc) ?
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org
