The Python Software Foundation on European cybersecurity
The Python Software Foundation on European cybersecurity
Posted Apr 21, 2023 23:57 UTC (Fri) by pizza (subscriber, #46)In reply to: The Python Software Foundation on European cybersecurity by pbonzini
Parent article: The Python Software Foundation on European cybersecurity
Posted Apr 22, 2023 13:58 UTC (Sat)
by kleptog (subscriber, #1183)
[Link] (8 responses)
In any case, for those following along, this is the current timetable:
Consideration of draft opinion 24-25 April 2023
So in a few days we should see the list of proposed amendments, then we'll have something new to talk about.
Maybe they were trying to get their response in before the deadline?
Posted Apr 23, 2023 8:00 UTC (Sun)
by coriordan (guest, #7544)
[Link] (7 responses)
This week is absolutely crucial. We need good amendments to be tabled. Otherwise, there's nothing good for the MEPs to vote for. It would still be possible to get existing amendments changed during negotiation of the compromise amendments, and technically there can be amendments tabled at the plenary stage, but that's way more difficult. And it's particularly difficult in the final year of the legislature because there's a rush to finish everything before next year's elections. Some people think the CRA is no problem because it's for "manufacturers" and because "non-commercial" free software gets an exemption, but "manufacturers" is a legal term that can include software developers and distributing something at zero-cost can be "commercial" (it's in the Blue Guide). Also, free software businesses are essential, so we need to think about keeping them safe from (what could be) an absurdly massive amount of compliance work, or even a medium or small amount of compliance work which could tip things in favour of "nah, contributing would be too much hassle". (Minor note: The meeting agenda for the 24-25 ITRE debate gives "27" April as the amendment tabling deadline. But I also heard 26 in the EP, so it could be 26.)
Posted Apr 24, 2023 14:23 UTC (Mon)
by kleptog (subscriber, #1183)
[Link] (6 responses)
The suggestion that business can give away their source code as an alternative to managing it all themselves (amendment 20). Amendments 107/108 alters the "shall not be sold with vulnerabilities" that I've seen worries about. Amendment 55 clearly pushes responsibility of open-source components onto the integrators. Amendment 78 obliges the Commission to clarify which the impacts are on various types of businesses.
Unfortunately, no references to definition of open-source itself. Not surprising though, since no open-source organisations submitted any feedback. (The list of organisations that responded to the committees is listed at the end of the documents). Hopefully some of the parties have submitted relevant amendments (they should be published next week).
[1] https://www.europarl.europa.eu/doceo/document/ITRE-PR-745...
Posted Apr 24, 2023 15:04 UTC (Mon)
by Wol (subscriber, #4433)
[Link]
> Unfortunately, no references to definition of open-source itself. Not surprising though, since no open-source organisations submitted any feedback. (The list of organisations that responded to the committees is listed at the end of the documents). Hopefully some of the parties have submitted relevant amendments (they should be published next week).
Not read the amendments, but if it's the open source integrators' responsibility, then the manufacturer cannot implement "technical protection measures". As an absolute minimum, open source should guarantee that both the customer, and the *business* with legal liability, should have access and freedom to all the tools required to keep the software up-to-date.
That's forcing an open-source toolchain onto the manufacturer, if they want to offload responsibility - you don't want them to say "you're free to update your own software, but you need to spend Euros XK on a custom toolchain ..."
Cheers,
Posted Apr 25, 2023 5:11 UTC (Tue)
by coriordan (guest, #7544)
[Link] (4 responses)
We're there (as "Open Forum Europe"), along with FSFE and Wikimedia.
I've been in contact with 70+ policy makers in the EP and Council and I hosted a workshop yesterday with 12 policy makers and 6 representatives from free software organisations (foundations and companies).
We're working on it.
Recital 10 kinda defines free software: "free and open-source software (...) This is in particular the case for software, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable." (It's not exactly a definition, but all the elements are there.)
Important to remember that the ITRE document is the rapporteur's amendments. This week is the deadline for the other committee members to submit amendments, and then there's discussions and a vote to decide what the final ITRE amendments will be.
Posted Apr 25, 2023 9:04 UTC (Tue)
by kleptog (subscriber, #1183)
[Link] (3 responses)
Posted Apr 25, 2023 9:29 UTC (Tue)
by coriordan (guest, #7544)
[Link] (2 responses)
Posted Apr 25, 2023 12:50 UTC (Tue)
by zdzichu (subscriber, #17118)
[Link]
Posted Apr 26, 2023 7:37 UTC (Wed)
by kleptog (subscriber, #1183)
[Link]
I mean, I could send pizza money but I'm hoping that's not where the difficulties lie.
The Python Software Foundation on European cybersecurity
Deadline for tabling amendments 26 April 2023, 18:00
Consideration of AMs 22-23 May 2023
Consideration of CAMs 28-29 June 2023
Vote in IMCO 28-29 June 2023
Vote in ITRE September 2023 (tbc)
The Python Software Foundation on European cybersecurity
The Python Software Foundation on European cybersecurity
[2] https://www.europarl.europa.eu/doceo/document/IMCO-PA-742...
The Python Software Foundation on European cybersecurity
Wol
The Python Software Foundation on European cybersecurity
The Python Software Foundation on European cybersecurity
The Python Software Foundation on European cybersecurity
The Python Software Foundation on European cybersecurity
The Python Software Foundation on European cybersecurity