Since the EU is bringing an act that needs the products distributed to be flawless, and it applies to open source products too, if a single one of their contributors/donors works for a corporate, what will be the future of FOSS in Europe with this?

  • panCatQ@lib.lgbt (OP) · 1 year ago

    I wonder, if I am developing an app for Lemmy and I am based in the EU, am I obligated to get an external vulnerability audit done, or pay a 15 million euro fine, since I am working for a corporate with a full-time job?

    • zaphod@feddit.de · 1 year ago

      Without having read any part of this act I’d assume you having a job and you developing an open source app are two separate things unless your job involves developing that open source app.

        • zaphod@feddit.de · 1 year ago

          I read several different drafts I could find since writing that comment and although it’s all written somewhat vaguely in general, OP’s point isn’t in any draft I read.

      • panCatQ@lib.lgbt (OP) · 1 year ago

        Well, if I am developing a product and I work for a corp, or if my project is getting donations from a corp, it will be considered a commercial project; it does not need me to be working on that product as part of my work!!

        • zaphod@feddit.de · 1 year ago

          No, those are separate. It’s about open source projects that have developers working on it in their free time (not getting paid for it) and developers who get paid for it. You having a job as a software developer and working on a project outside your work time doesn’t make it a “commercial activity”.

          • panCatQ@lib.lgbt (OP) · 1 year ago

            Just read the act then! It keeps it vague enough that a person working in their free time will be considered a commercial product.

          • panCatQ@lib.lgbt (OP) · 1 year ago

            Basically a FOSS product is not exempted if an employee (does not need to be a tech employee) contributes to a FOSS prod, or if a company donates to them! So even npm packages by individual coders who are employed, say, by Domino's need to take an audit and deliver vulnerability-free code.