Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] A more positive take on CRA FAQs and flowcharts



On Tue, Jan 7, 2025 at 10:22 AM Tobie Langel <tobie@xxxxxxxxxxxxxx> wrote:
On Tue, Jan 7, 2025 at 3:49 PM Brian Fox via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
Yes, although I think your hierarchy is upside down. I noticed this in a few previous emails and intended to highlight it for clarity:

 In terms of least to most requirements, I see it as:

Pure Open Source contributor
Open Source Steward
Manufacturer.

My understanding is that the order you describe is the intention of the legislators.

However, because Open Source Software Steward is defined as a legal person only in the text, the concern is that for solo open source developers (and potentially for loosely organized groups of developers) the path entirely skips open source steward and moves directly from "Pure Open Source contributor" to "Manufacturer" on a whim. This is what we would need to clarify.

From my pov and recollection of how this evolved, that's by intent. The early drafts really had non-commercial (contributor) or manufacturer. Then at the last minute to try and capture the cases represented by the oss foundations and other tooling like Github or Maven Central, the steward was created. So for me, I wouldn't expect a project to fit into that steward category. What's not clear even to me though is where the line is between a single project and hundreds of projects where a steward comes in to play. 

I believe this because the legislation basically just says the steward has no fine. The requirements seem to be essentially the same as those of a manufacturer but without the teeth.

Stewards are under a light touch regime which is considerably lighter than the manufacturers. They're not subject to the obligations of Article 13 and only partially to those of Article 14.

--tobie


--

Brian Fox

Chief Technology Officer

Sigstrlogo2x1657561912.png


Back to the top