Will a company retract an OSS project due to the Cyber Resilience Act?
Mini
6
Ṁ232
2027
28%
chance
https://www.theregister.com/2023/12/04/infosec_in_brief/
CRA will force many small enterprises and most probably all self employed developers out of business because they simply cannot fulfill the requirements imposed by CRA. Says Debian
https://berthub.eu/articles/posts/eu-cra-what-does-it-mean-for-open-source/

Github raised this potential problem about the Cyber Resilience Act of the EU:

Problem 2: The CRA regulates open source projects with corporate developers

Open source projects are often multi-stakeholder: they receive contributions from developers building as individuals, volunteering in foundations, and working for companies, large and small. The current text (Recitals 10 and 10a) would regulate open source projects unless they have “a fully decentralised development model.” Any project where a corporate employee has commit rights would need to comply with CRA obligations. This turns the win-wins of open source on its head. Projects may ban maintainers or even contributors from companies, and companies may ban their employees from contributing to open source at all. The result will be a less innovative and less secure software ecosystem.

Resolves YES if a company retracts an OSS project they published and blames the CRA for that.

Resolves NO if the CRA is abandoned or if no such announcement is posted in the comments.

Closes one year after the CRA regulation becomes active (which seems to be two years after the EU formally adopts). Close date will be adapted accordingly.

Get
Ṁ1,000
and
S1.00
Sort by:
predicts NO

CRA will force many small enterprises and most probably all self employed developers out of business because they simply cannot fulfill the requirements imposed by CRA.

Says Debian