Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Flowchart from a natural person's perspective -- straw man

In the US we have a model for such tests from Jeff Foxworthy - we need a KISS solution!
https://www.youtube.com/watch?v=jYKXIrZ6w3A

You know you're an open source software steward if ... 

Thanks,

Dick Brooks
   
Active Member of the CISA Critical Manufacturing Sector, 
Sector Coordinating Council – A Public-Private Partnership

Never trust software, always verify and report! ™
Risk always exists, but trust must be earned and awarded.™ 
https://businesscyberguardian.com/ 
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788


-----Original Message-----
From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Dirk-Willem van Gulik via open-regulatory-compliance
Sent: Monday, December 23, 2024 5:45 AM
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Dirk-Willem van Gulik <dirkx@xxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Flowchart from a natural person's perspective -- straw man

On 23 Dec 2024, at 10:21, Federico Leva via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

> Dick Brooks wrote on 2024-12-22:
>>                         Yes:    While it depends on the minutiae; you are almost certainly fine if it is one of the many typical ASF variations of a CLA.
>>                         No:     you are probably fine; but would be good to introduce a CLA
> 
> Are you saying a CLA à la ASF is likely to shift liabilities from the grantor to the grantee?

What I tried to do here is to introduce/make a start with `tests’ that are easy to understand for all involved.  I.e. to distinguish when a contribution is exactly that - or when, for example, a contribution is really something you were paid for by a customer & sort of token made available as a patch for your downstream - in more of a `circumventing way’.

I.e. like the freelancer cases you show below that can come close to this.

> How? Apart from the unidirectional copyright and patent grant the ICLA only says «Unless required by applicable law or agreed to in writing, You provide Your Contributions on an "AS IS" BASIS» so it explicitly does not override any legal defaults.

Agreed; with US and European style colliding a bit. So my thinking was more to get an indicator that a contribution is clearly `upstream’ and not some sort of commercial variation of the various downstream models or the, outright, open-source-washed stuff.

It may be that part of the advice to open source stewards is to add a sentence such as `Notwitsthanding the above; this contribution is intended as one that qualifies under ???17?? Of the CRA, etc..’.

I expect all well managed open source foundations will need to do something with the CRA’s as soon as the PLD comes in - as that changes the situation around (strict) liability.

> For the case mentioned last week, of a freelance consultant with a regularly maintained software package, it seems they'd always end up worrying they're in one of the two cases where they have to figure out everything themselves:
> 
>> 40:     Are you monetising the work you do on this open source ?
> 
>> 70      Is there an aspect of a sustained basis & ensuring longer term viability of the product.
> 
> Perhaps freelancers need something like a "contract patch" (<https://sfconservancy.org/blog/2019/dec/19/CPupdate/>) but for product liability?

Agreed - we’ve long ignored the case were freelancers, or contractors, all but make a `new product’ on site at their customer with custom patches/tweaks, maintain this for years - and were it is not quite a product but not quite send upstream either for poeople other than those contractors & their customers to practically be able to use.

And obviously exactly that sort of stuff needs to be under the CRA. 

Dw

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org



Back to the top