Re: [open-regulatory-compliance] Kicking off the CRA Attestations project


On 10/31/2025 11:12 AM, Tobie Langel via open-regulatory-compliance wrote:
<stuff deleted>.

In my personal view, a successful security attestation program would provide the primitives enabling various models of that nature to flourish, without dictating a specific solution or business model.

Agreed.


Open source communities are widely different:

 Again agreed.

  • Some communities are mostly corporate-based, some are very much community-driven.
A model that works for a WordPress plugin built by a single maintainer is probably not going to be a good fit for Chromium.

Agreed.


But hopefully, there are primitives that would enable both projects to find a model that works for them.

Agreed...but I think the existing 'governance primitives' *heavily* favor corporate...or just moneyed...interests...who have been unsustainably consuming the OSS community/resource at the lowest price they can pay...i.e. $0 in most of the current models...because they can...as per usual with market dynamics.  I think many can see this is not a responsible nor sustainable use under a natural resources frame.   

I think it would be nice if the 'primitives' you and others describe showed the capability of addressing this (existential) responsibility/sustainability problem.

Scott


--tobie



