1/3 @IvanSanchez at #FOSS4G: "something something Cyber Resilience Act (#CRA) something something"
plus some joking¹, criticism, etc.:
- legislation = program
- CRA: hey, we should do something reg. security of software and stuff
- CRA is quite short and simple, but …
- #FLOSS foundations took a look and … "what the heck?!"
- and programmers are taking things literally¹
- current state seems to be "it's difficult" and thus also "maybe no big deal, but still risky"
2/3 Example 1: If I pay say Amazon some money for a VM with Linux and PostgreSQL, will CRA cover Amazon?
Well, maybe, according to Amazon lawyers, no. Because they are charging just for the VM and that software is provided for free by somebody else. (And those "somebody else" might be thus covered by CRA, even if not getting any money from those VM payments.)