Re: [open-regulatory-compliance] Placing software on the market - General issues
On 16 Oct 2025, at 18:33, Brian Fox via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
> As I've followed along this thread, some additional thoughts come to mind. Some package registries, like Central, are essentially immutable. This interpretation on downloads I think means that the 5 year support clause never ends as long as something is available to download. Note: Not everything in Central is open source these days, some things are commercial-ish so let's assume there is at least a minimal CRA implication for these things. Does that mean that manufacturers need to be able to fully "disappear" old software to start the 5 year clock ticking? Does a book need to get removed from a library or archive to take it off the market?
I think we could tackle these as feedback to the OSS Guidance document; e.g., very loosely written, something akin to the below:
Would that help?
Dw.
Example Z
A company or open source steward[1] A distributes its component intended for integration via a package repository B on the first of January 2030 as 'version 1'.
Companies C and D fetch this component shortly thereafter and place a product digital element on the market with a reasonable economic life of 5 years.
A maintains this component actively and updates this component regularly; each time increasing the version.
With company C picking up a new version from B and generally doing a release shortly thereafter. Company D does not make any further releases after January 2030[3].
A maintains a list of versions that are end-of-life and no longer supported[4]. In February 2035 A declares version 1 as End of Life.
A is not obligated to notify B. A is not obligated, nor able, to notify C or D with whom it has no relation.
B is not obligated to remove v1 of A's package from its repository - but may take technical measures to mark this version EOL.
A (in case of it being a company) and C continue to meet their support obligations for current and new sales.
D has to withdraw its product from the market[4]; and D is to provide support on A's version to any for the remaining years[5]