Of course you can't expect someone who just put something online as a hobby project to take much responsibility. But to ask some basic security/reliability from companies, foundations etc... Shouldn't that just be normal?
However the software has a terrible label placement algorithm that happily switches around the labels of adjacent elements. And it does so without notice after some changes to the model. That is behavior that can lead to pretty dangerous mistakes.
The reply of the software company: you have to check it anyway. That is why you get paid, right?
These can be quite intense (but, to be fair there's a ton of dross, there, as well). Probably best to avoid the broad brush.
These websites and applications can still have vast security implications depending on what kind of data is being collected.
The advertising industry has done security a huge disfavor by collecting every bit of data they can about everyone's actions all the time. Adding some ad library to your website or app now could turn it into a full-time tracking device. And phone manufacturers like Google don't want this to change as the more information they get, the more ads they can stuff in your face.
This is only about safety. As I told my colleagues in a former workplace: Safety first (that was one of the company's mottos), quality second.
For SW? No way. For electronic components, yes, for mechanical components, yes, but not for software. It is not cool. Fixing bugs is much, much harder than modifying UI elements (hello Google, Microsoft) with every release.
Greg KH says it's going to be great... let me ask, can I /dev/null the email Greg?
whitehexagon•4mo ago
I share code for the good of the industry and society. A lot of what developers do, is solving problems, and the solutions can often be time consuming and difficult to find. So there is a lot of value in Open Source.
What I will not do, is accept personal liability in any way for those solutions I share. Then it becomes a professional partnership, and I will expect a contract and compensation.
CRA has a simple effect for me, I will no longer share code. I have deleted my GitHub account because of this trend to "know your developer", and as a small stand agAInst our rush towards AGI. I wonder where the liability lies for all this AI/LLM regurgitated copyrighted code?
detaro•4mo ago
whitehexagon•4mo ago
detaro•4mo ago
whitehexagon•4mo ago
Borealid•4mo ago
If you allow yourself to make money from the code, you're accepting liability for it. If you choose not to accept money in exchange for it, you don't have to accept liability.
This seems fair to me - the law doesn't let you both "sell" it (however low the minimum price is) and refuse to give any rights to the people who gave you money.
hcfman•4mo ago
In the past we could choose to work for peanuts with low risk. Now we can't. We have to work for nothing or work for a lot to have a chance of covering compliance.
jeroenhd•4mo ago
And even then, you have to be unlucky enough to actually get caught and investigated by market surveillance authorities. I think you're going to be more likely to get caught up in income/donation/gift tax bracket fraud investigation than to ever feel the impact of the CRA as a hobby open source dev.
iamnothere•4mo ago
If you’re a FOSS dev in the EU who works on something controversial, and you accept donations, it would be better to outsource the project “ownership” to someone unnamed or outside of EU jurisdiction.
pixl97•4mo ago
Now, from a US perspective rather than an EU one, even being investigated in the US carries a huge risk. It is especially bad in the case that someone wants to prove a point against you. You could suddenly find yourself having to spend huge amounts of money defending yourself because someone wants to make a name for themselves, or you pissed a large political donor off.
iamnothere•4mo ago
Perhaps the future is shadowy projects led by an anonymous figure who merely merges pull requests, while named devs contribute work and receive support from their fans/supporters.
jkaplowitz•4mo ago
"There is no legal risk for individual contributors simply sharing code online or in publications, even when they receive payment for writing an article, as long as the software itself is not monetized or organized."
So, maybe EU developers would have to learn the safe wording through which to solicit and accept donations, but at the very least, donations supporting their software activities in general (and not tied to a specific software program) will likely not increase CRA requirements - and maybe even voluntary donations to support development of a specific software program but which are not in any way mandatory.
eduction•4mo ago
SAI_Peregrinus•4mo ago
eduction•4mo ago
iamnothere•4mo ago
I am hoping an anonymous ecosystem springs up due to the increasingly hostile legal environment around development.
ale42•4mo ago
eduction•4mo ago