This is the opportunity to write a wish list
This is the opportunity to write a wish list
Posted Jan 9, 2026 15:21 UTC (Fri) by raven667 (subscriber, #5198)In reply to: This is the opportunity to write a wish list by alx.manpages
Parent article: European Commission issues call for evidence on open source
As i understand it donations don't trigger obligations from the CRA, only commercial sales and contracts, so a hobbiest volunteer who isn't maintaining a software project in a commercial professional capacity should be clear of liability to whoever finds it on the internet and decides to integrate it into a commercial product. That's why I tried to be clear that this may be an opportunity for those developers who _want_ to commercialize their software maintenance activity, by prodding their downstream commercial integrator to put more value on it and maybe be willing to pay to exchange the liability. European insurance providers should research what a cyber-insurance policy should look like for a small FOSS maintainer who makes this kind of business arrangement, what's the risk and what's the liability, because an actuary can probably put some solid numbers around that, so a FOSS maintainer knows what they need to charge to continue maintenance and make their downstream whole if they make a mistake. The real-world cost of a CVE in some library is not generally infinite.