| Re: [open-regulatory-compliance] Open Source Software Stewards and CRA Whitepaper: review in progress until November 20th |
Dear all,The "Open Source Software Stewards and CRA" White paper has reached a stage when it is ready for a general review, with the publication expected at the end of this month (end of November 2025).
The goal of the document is to provide our understanding on the operations of Open Source Stewards and their obligations. It ISN'T the goal to provide rules on deciding if an organization is a Steward or not.
You say this, but the first sentence in the Abstract is:
The Cyber Resilience Act (CRA) defines a new category of organizations...
New category of *organizations* (defined by gov/legal org and requiring $$ to form, maintain, etc). Which I would say in many real cases...right now...*excludes* the very people (project team members, maintainers, aka software labor, etc) that are *capable* of actually implementing *any* non-trivial requirements.
I'm sure there are plenty of legal/policy/manager types that are more than happy to say...in effect (and with lots of unnecessary legal language/jargon) that 'it's impossible to define into law/policy requirement on anything *but* a legal organization'. If that's actually true in practice or policy, then I would say it would be worth asking yourselves: is this going to do more harm...to the open source community...than good?
If you're interested in the subject, it is the ideal moment to spend some time reading the document in order to provide your feedback.The unified text of the white paper is:
There are already discussion ongoing on various topics:
_______________________________________________ open-regulatory-compliance mailing list open-regulatory-compliance@xxxxxxxxxxx To unsubscribe from this list, visit https://accounts.eclipse.org