Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[open-regulatory-compliance] Minutes from the last due diligence meeting

Dear all,

find here the link to the minutes of the meeting we had today.
The main topics that have been discussed today are:
  • Fair Share Cost Token: The group reviewed an upcoming IETF RFC designed to improve communication standards between open source projects and manufacturers, aiming to mitigate spam and improve reporter verification.
  • Defining Due Diligence: The task force agreed to shift away from broad debates on the definition of "due diligence" and instead focus on three concrete phases: initial selection, ongoing compliance, and vulnerability handling.
  • Article 13.5 Scope: To improve clarity, all existing work will be explicitly labelled as "Article 13.5 due diligence," and relevant pull requests will be updated accordingly.
  • Manufacturer Obligations: While the primary focus remains on manufacturer obligations, the group recognised the tension between these requirements and the roles of upstream open source projects; manufacturers will be prioritised in the initial white paper deliverables.
  • WG9 Standards Concerns: Members identified a conflict in the CEN/CENELEC WG9 draft, which incorrectly mandates reaching out to individual maintainers rather than following established EC contribution processes.
  • Abandoned Components: The group reaffirmed that using abandoned FOSS components likely fails due diligence criteria, noting that manufacturers utilising such software must be prepared to take over maintenance responsibilities.
Best regards,
Juan

--
Juan Rico
Senior Manager ORC, Oniro and Cloud Programs | Eclipse Foundation Europe GmbH | X | LinkedIn | YouTube | Instagram | Bluesky | Mastodon

Eclipse Foundation: The Community for Open Collaboration and Innovation



Berliner Allee 47, 64295 Darmstadt

Handelsregister: Darmstadt HRB 92821

Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge


Back to the top