Do we really want to continue?
Do we really want to continue?
Posted Oct 7, 2025 9:22 UTC (Tue) by paulj (subscriber, #341)In reply to: Do we really want to continue? by farnz
Parent article: F-Droid and Google's Developer Registration Decree
What if I, as part of this journey from a research project sponsored by donations towards a self-sustaining Free Software project that lives off both general sponsorship and specific contracts to continue the work, am at the stage where I want to setup a small company (non-profit[1]) to hold the assets and be the nexus for donations and allocating funds to the sponsored developers. Do I need to start worrying at that stage about CRA lawyers? That's an additional expense over the accountants fees to setup and maintain the company.
From what you say, the technical stewards of such an effort, would need to start worrying about CRA at about that point.
1. Non-profit, but not a charity. The whole 501(c)(3) thing in the USA for Free Software sponsorship foundations largely stinks - at least certainly is ripe for abuse (which I have seen, in the brief time I was with a small foundation). Thankfully, charitable status is much much harder to get over here in the Celtic Isles.
Posted Oct 7, 2025 12:04 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (6 responses)
Very much so. BUT. You're now a small company. You are providing services, for which you need to keep books. You just make it EXplicit in your contracts whether or not you are affixing the CE mark (or CRA equivalent) to your software.
The software needs a CRA mark. Does your contract say you are a middle-man providing development services to your customers - in which case presumably they affix the mark and pay you extra to fix problems; or are you providing them with the software as a product, in which case you affix the mark and need to budget for bug-fixing from your own budget.
Once you're a company your contracts will state who is liable.
I won't say that's simpler - as you know my position is "no contract no liability", but that seems to be a bit contentious ...
Cheers,
Posted Oct 7, 2025 12:24 UTC (Tue)
by paulj (subscriber, #341)
[Link] (5 responses)
That's fine. Throw X hundred per month at the accountants to whatever is necessary to maintain the necessary web portal for me to add whatever required records and them to take care of whatever else is necessary. They don't know anything about and aren't going to touch CRA stuff though. ;)
> Does your contract say you are a middle-man providing development services to your customers - in which case presumably they affix the mark and pay you extra to fix problems;
Aha. Ok... So, that avoids the issues. I just remain a "development services" firm/NPO, and the Free Software I/we publish is just the sample code of what I/we can provide services for?
I'd hate to think that I could get stuck with loads of red-tape obligations or, worse, must-do-free-work obligations (e.g. requiring me to handle security reports), just cause I/we put some code that we developed for a /paying/ "customer" on a consultancy / development services basis on whichever GitHub. ?
Posted Oct 7, 2025 13:58 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (4 responses)
The idea of the CRA is to apply *exactly* the same logic. A CRA mark *MUST* be applied to every digital component. In the case of a fault, the authorities will follow the chain, from the finished product manufacturer, all the way down to guys who applied the CRA mark to the faulty software.
And if Jo Bloggs Inc downloads your software, puts it into their product as a component, and has trouble with it, the authorities will go hunting for the guys who affixed the mark. If they find you, and you go "Huh? Who's Jo Bloggs Inc?" the authorities will go back to Jo Bloggs Inc and demand to know who affixed the mark. If you have no contract with Jo Bloggs Inc, they have absolutely NO evidence that a mark exists, therefore the authorities will say "You (Jo Bloggs) affixed your mark to your product. Because paulj's software had no mark, therefore Jo Bloggs applied the mark to paulj's software, therefore it's Jo Bloggs' problem".
So it's down to you whether you sell development services and don't affix a mark, or sell a maintenance contract which presumably will include a mark (your customer would be mad to accept a maintenance contract without it). And because the mark is part of the maintenance contract, nobody else can come along and say "hey I'm going to use the same mark".
Cheers,
Posted Oct 10, 2025 16:15 UTC (Fri)
by kleptog (subscriber, #1183)
[Link] (3 responses)
Right. This is the critically important thing I see many people missing here. The terms of the CRA do not apply to the product itself, they apply to the *contract between you and the customer*. They're basically standard Terms and Conditions.
Hence, statements like "is Google Sheets covered by the CRA?" are meaningless. The correct statement is "when I am using Google Sheets, does the CRA apply to our contractual relationship?". Now, since Google probably doesn't feel like maintaining two different versions of Google Sheets, if you're using it for free you probably get the benefits of the CRA, except Google doesn't actually owe you anything. Only the people who actually pay to use Google Sheets (Google Workspace users basically).
You're a non-profit holding some trademarks and keeping a website in the air? The CRA doesn't apply because you don't even know who is downloading stuff. Who are the parties to the contract it would apply to?
Someone clicked on your "donate" button and gave you some money? Again, you never offered them anything so there is no contract for the CRA to apply to.
The only people that need to care are people offering services to do things with free software. They need to make clear they're not actually selling the software, but the end-user is getting that from the original source. I'm sure FSF-Europe or similar have some standard verbiage for that. There are provisions to prevent companies saying things like "you're buying a Splunk service, the Splunk software itself is free and so no CRA". The basic principle is not complicated though.
Posted Oct 10, 2025 18:01 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
I got a preliminary reply about that, and it's apparently a gray area. While Google is not getting money from you directly, it's still getting (significant) income from showing ads for the free GSheets version. So even it is likely to be covered by the CRA.
Posted Oct 10, 2025 18:59 UTC (Fri)
by Wol (subscriber, #4433)
[Link]
And again, if Google is receiving money from the ad vendors, it is the VENDORS who are covered by the CRA, not users.
Cheers,
Posted Oct 10, 2025 18:57 UTC (Fri)
by Wol (subscriber, #4433)
[Link]
Simply said, you're paying Splunk for a service. So everything Splunk says you need to access the service is covered. Take eg a mail-server.
If Splunk says "you can use the mail client of your choice to access our server", then the client isn't covered. BUT.
If Splunk says "you can only access our server if you're using Outlook", then Splunk is on the hook for security problems with Outlook. Sounds unfair? Well, if you can't access the service you've paid for, without using dodgy insecure software, the CRA doesn't care. Splunk had better have a contract in place with Microsoft !!!
Cheers,
Do we really want to continue?
Wol
Do we really want to continue?
Do we really want to continue?
Wol
Do we really want to continue?
Do we really want to continue?
Do we really want to continue?
Wol
Do we really want to continue?
Wol