Open source is not meant to be free of charge. It is just meant to have no internal ledger (everyone contributor bears their own costs and derives their own benefit from the greater work) – but since open source has to make no distinction (internal=external) that also resolves as no external ledger, by accident. (Aside: This by the way is a major issue legislatively, where the “internal” development of open source code ends up regulated much more than that of proprietary code.)

But that's unfortunately led to a worldview that wants to treat all engagement with open source as philanthropic, denying those engaging in supporting roles any means of compensation and guilt-tripping anyone who needs support into silence. I call that “dictating other people's sacrifices” – it happens all over the charity sector too, where people seem to think skilled workers should work for peanuts “because it's a charity”. I try to make sure that all the places where I have a say pay as many people as they can all they should, and then leave it up to those people how to spend (or donate) the resulting income.

Tags, Links and Mentions

• #OpenSource #Community #Sustaining #PayTheMaintainers #FreeSoftware #SoftwareFreedom #Governance #Notes

Follow @webmink@the.webm.ink to be informed of new posts. To discuss this post please reply from Mastodon etc. (search for the URL) & include @webmink@meshed.cloud as WriteFreely still doesn't display replies. More.

I wrote recently about the possible origin of a serious defect in terminology in the Impact Assessment of the Cyber Resilience Act (CRA). But this is not the only problem with the Impact Assessment. A crucial one appears in Annex 2 (on page 4 of the Part 2 pdf), where it becomes clear from sections 2-4 that no open source communities or community fiduciaries were consulted as stakeholders.

In the comments by the European Commission's policy officers given during a FOSDEM Main Stage panel it became clear they had been working on the language of the updates to the Public Liability Directive (PLD) and CRA for a significant time. When asked why they had not consulted the community until now (at 1:27:45 on the video), they replied it was the community's responsibility to find out about their work and show up to published consultations.

It is not enough to expect the open source ecosystem to spontaneously show up – it is not structured in a way that makes that likely. In any case the consultation process has no category for individuals who make economically significant works outside the role of “Company” or “Workforce”. In other words, there were no consultations aimed at the community. At best we will show up late in the process asking why no-one called, as we are now.

It is not unreasonable to ask to be treated in a way respectful of these realities; the process does so for SMEs. Section 4 of Annex 2 observes “However, it has been very difficult to get substantial input from SMEs.” As a result there was extensive, targeted outreach to SMEs resulting in significant inputs. No equivalent effort was made to reach out to open source charities like OSI, or to significant fiduciaries like Apache, Eclipse or Python.

There are some inputs all the same. It's great that companies in the open source ecosystem do show up in consultations, and I know of a number who have lobbyists in Brussels. But they cannot be relied on to explain or even consider the perspectives of the significant number of community participants either outside their interest area or even opposed to it.

It is very important to find ways to give a voice to the true community and not just its corporate members. Open source is a social movement with software artifacts and market consequences. Paying heed only to the latter (or even the latter two) is an inadequate approach. You can't proxy through SMEs, let alone multinationals and their lobbyists.

This is a serious and persistent issue with the Commission's work; they need to become aware that when proposals affect the open source ecosystem (of which the open source software market they value is a part but not the whole), it is essential for them to treat the members of that ecosystem as key stakeholders and make at least as much of an effort to reach out to them as they do to SMEs — possibly more.

#CRA #PLD #Policy #OpenSource #Community #4thSector

Follow @webmink@the.webm.ink to be informed of new posts. To discuss this post please reply from Mastodon etc. (search for the URL) & include @webmink@meshed.cloud as WriteFreely still doesn't display replies. More.