On Thu 10/Nov/2022 19:41:21 +0100 Niall O'Reilly wrote:
> On 31 Oct 2022, at 10:14, Alessandro Vesely wrote:
>> What software would you use, a fully certified, professional OS, or a run-at-your-risk
>> product by hobbyists who are exempted from security regulations by a compassionate
>> exception to the Cyber Resilience Act?
>
> I don't understand what the point of this (perhaps rhetorical) question is.
>
> In a former day-job, I had to deal with a "professional" Linux distro,
> whose provider was so risk-averse, and who operated such an ossified
> acceptance process for integrating upstream FOSS packages, that the distro
> was operationally unfit for purpose unless I chose to do without the
> "protection" supposedly provided by the "professional" packaging.
Yup, it may well be that the Cyber Resilience Act is going to result in a
grossly scatterbrained attempt at imposing rules that nobody will follow.
However, I fear the act can be orchestrated with big software producers in such
a way that only their products will be able to advertise the certification.
I also know some hobbyists whom I would trust with my personal physical
safety, or even my life.
Users at large, however, don't know how software is produced. Branding
certification can have an impact on their decisions. A captivating campaign
could reduce FOSS market share by a great deal.
The only thing one can be sure of with certification is that the holder
of a certificate managed to pass the test.
For fairness, all software producers should have equal opportunities to have
their software pass the test. Free software should be tested for free,
regardless of what its authors do for a living.
https://dilbert.com/strip/2000-08-31
:-)
Best
Ale
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/cooperation-wg