One of the proposals in the Cyber Resilience Act (CRA) is that European standards bodies should develop suitable standards that help simplify conformance. Bert Hubert explains how this might work in his extensive CRA explainer.
There's a crucial issue here for open source. EU policy experts say not to worry about CRA compliance because the EU standards bodies will streamline it. But the ESOs are corporate-controlled, patent-loving & expensive to engage. Shouldn't the EU address this if they want open source accommodated?
Perhaps all the problems we are having with the Cyber Resilience Act (CRA) arise from a misunderstanding of specialist language used by an academic evolving into an imperfect use of the term “commercial” in the exclusion of open source from the CRA?
You're not going to fix Europe's proposed Cyber Resilience Act (CRA) by defining “commercial”. The problem is not a lack of clarity in the term; it is the act of triggering applicability of the regulations on an attribute of the work rather than on the act of deploying it in commerce.
While the Free Software/Open Source movement is based on an essential and timeless concept — that users of software should be self-sovereign in that software — the linguistic frame in which it was positioned long ago continues to have some unfortunate consequences that ironically distract from the very goals the frame sought to achieve.
One of the tragedies of platform lock-in is that its victims suffer from a kind of trauma bonding where, instead of blaming the proprietary software or walled-garden platform that's locked them in, they find fault with the thing that's going to liberate them. That's lock-in syndrome. We've seen a lot of it lately, what with the waves of Twitter Migration.
I often hear about how open source is not sustainable because it is “made by volunteers”. But that's misunderstanding the nature of volunteering in open source projects. Volunteering is relative, not absolute, and it is not a useful indicator of the sustainability of a project because in independent open source projects all contributors are volunteers.
The shadow may seem more real than the thing itself
Many of the arguments that turn up in the Free and Open Source Software movement(s) – between people who apparently should agree – arise from a difference of view over the appropriate degree of causality that applies to the situation. This conflict between degrees of causality actually powers many other human disagreements too.