curl Cybersecurity Risk Assessment Request

22 pabs3 4 7/12/2025, 6:10:45 AM daniel.haxx.se

Comments (4)

fwlr · 25m ago
Seems very likely this will lead to “professional repackagers” whose business model is “for a fee you may install our fork of curl and we will promptly reply to emails like this”, unfortunately.

tux3 · 6h ago
I will be surprised if the EU CRA results in more F500 companies entering support contracts with their major OSS dependencies, but that would definitely be the ideal outcome.

There's some good pro-consumer intent in this law, but as is often the case the regulators barely understand the ecosystem they're regulating. It was not designed with the massive importance of open-source in mind from the start.

kazinator · 5h ago
Why would it be the ideal outcome? Not everyone writing open source wants to be at the beck and call of some F500 companies.

That's likely the outcome that the corporate interests behind EU CRA want: to put a lasso around the neck of open source and have it be something that either serves them, or does not exist.

Avamander · 5h ago
> I will be surprised if the EU CRA results in more F500 companies entering support contracts with their major OSS dependencies, but that would definitely be the ideal outcome.

If it's made simple enough (with an EU legal entity), I see it quite likely.