Re: [open-regulatory-compliance] A more positive take on CRA FAQs and flowcharts
On 3 Jan 2025, at 19:04, Ilu via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
>
> Aaaaand we are back to the in-or-out discussion. :-(
>
> A simple search through the CRA document would have led you to Art. 4
> (3) - testing is ok "only for a limited period required for testing
> purposes". The EU is not completely stupid.
./....
> All I've seen so far is participants trying to find ways around said
> regulation and contributing nothing but supposed "hacks" to avoid basic
> supply chain security.
>
> IMHO this paints a very bad picture of FOSS. Of course the CRA has some
> more (partly rather stupid) requirements (mainly for manufacturers) but
> the core of it is things which we should have done already anyways (and
> which good projects are already doing).
>
> I know I'm being controversial but I'm doing this on purpose in the
> interest of our communities because I think this working group needs a
> kick to get going. I'm still hopeful ...
No, you are not - I think you are largely capturing consensus.
And I would personally stress that the CRA is long overdue & much needed
by the industry; with Open Source generally waaaay ahead of the wider
industry when it comes to solid release engineering, timely triage of
vulnerabilities and risk based fixes / responsible disclosure.
So *do* keep kicking our collective asses in shape :) please :)
:) :) :)
Dw.