
On Fri, 27 Jan 2023 09:16:09 +1300, Peter Reutemann quoted:
'The EU's proposed Cyber Resilience Act (CRA), which aims to "bolster cybersecurity rules to ensure more secure hardware and software products," could have severe unintended consequences for open source software, according to leaders in the open source community.'
Another opinion piece <https://www.theregister.com/2023/01/30/opinion_eu_foss_security/>:

This is an imperfect process, as regulations always are. Companies and free market libertarians chafe at not being allowed to poison, crush or electrocute paying customers or passers-by. But it turns out a well-regulated market inspires consumer confidence, doesn't stop innovation, and adds value to entire sectors. That it annoys libertarians is just a free bonus.

...

The principle of regulating digital products to make vendors take responsibility for cybersecurity is excellent but it demands proportionality. FOSS that is absolutely free of commercial interest isn't somehow more secure than one where you can buy a support contract. A far more general exemption that recognizes the intrinsic security advantages of software that is automatically transparent makes far more sense.