A number of open-source organizations say that if this act becomes law, it will do damage to open-source, both in Europe and globally.
Surprised that such a long article never quite got around to explaining exactly what is the problem?! They (eventually) mentioned vulnerability reporting as one concern - is that it? Is there something else?
Looking for an original source, the Eclipse letter seems to just be saying that open source organisations should be consulted?
The idea behind it was undoubtedly “good” and had protection of citizens in mind. As always the implementation was “lacking” maybe due to failure by regulators to understand how FOSS works. But surely the open source community will find a way to work around this as it has always done.
“You can’t use my software if you’re in the EU.”
There. Maybe if they fuck around and find out that the bulk of server software relies on open source software made by volunteers, they’ll get their head out of their ass.
The problem with that (which I would absolutely support if they want to pull nonsense like this) is that you’re already under licenses that preclude that for everything already existing. It’s not a real option.
Great. So what, will they just be able to directly debit our bank accounts for the $15 million fine when we’re found to violate their stupid law? Or will every open source developer will be barred from taking a vacation in the EU lest interpol nabs them for breaking this stupid law? What is their enforcement mechanism?
No, but Europeans contribute to open source, too, and if they actually go through with this it’s going to fuck up a lot of projects.
I think I’m going to buy some shares of VPN software companies…
Freedom zero precludes any such restrictions - free software licenses don’t have any restrictions on use
So how do they enforce this? They ask to extradite me or seize my bank account if I don’t provide security patches in their preferred manner?
I agree, power to regulate should be given to knowledgeable people who understand what they are ruling about. At least proprietary software using open source libraries and frameworks (released unfer LGPL or Apache or MIT licenses) is not affected and can continue to sponsor FOSS development so this is not the end at all. What I said is that maybe communities will find a way to continue operating however.
