Peter Hanecak

1/3 @IvanSanchez at #FOSS4G: "something something Cyber Resilience Act (#CRA) something something"

plus some joking¹, criticism, etc.:

- legislation = program
- CRA: hey, we should do something reg. security of software and stuff
- CRA is quite short and simple, but …
- #FLOSS foundations took a look and … "what the heck?!"
- and programmers are taking things literally¹
- current state seems to be "it's difficult" and thus also "maybe no big deal, but still risky"

¹ noc.social/@doublebyte/1127287

Ivan Sanchez at speaker post, with some FOSS4G posters around and title of his presentation above:

"A critic analysis of the CRA"
Peter Hanecak

2/3 Example 1: If I pay say Amazon some money for a VM with Linux and PostgreSQL, will CRA cover Amazon?

Well, maybe, according to Amazon lawyers, no. Because they are charging just for the VM and that software is provided for free by somebody else. (And those "somebody else" might be thus covered by CRA, even if not getting any money from those VM payments.)

Ivan Sanchez with a slide showing what portion of money for a Linux+PostgreSQL VM goes where:

- some ¢ per hour goes to Amazon for "EC2"
- some ¢ per hour goes to Amazon for "Backplane"
- 0¢ to nobody for PostgreSQL
Peter Hanecak

3/3 Example 2: What we know from "cookie law" is that almost no company will comply with a/the regulation in a way which is good for a user, e.g. in a way compliant with the spirit of the law.
