Free, Libre, and Open Source Software and European Rules
-
The Register UK: Critical vulnerability in Mastodon is pounced upon by fast-acting admins
"Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x versions prior to 4.1.13, and 4.2.x versions prior to 4.2.5."
Rochko said that full details of the vulnerability will be published on February 15, giving admins two weeks to upgrade to the latest version. He said that the disclosure of "any amount of detail would make it very easy to come up with an exploit."
-
Keenan: RSS readers make me want to jump into a vat of acid!
Okay, and also, real quick, it has to be said that I love websites. I believe personal websites are a part of the larger whole of someone's creative identity. It is an object I want to cherish, to immerse myself in, just like I long to clutch a book I adore in my hands. I want to see a whole person spilling onto the page. Not the tidied, uniformly-formatted collection of just words on a pleasant gray background, rendered in San Francisco Rounded, visually indistinguishable from the piece that came before and the piece that follows.
Yes, I could use an RSS app solely to perform triage (a job) and find the things I want to read, and then go to the website directly, but that just adds another layer of maintenance (a job). An obligation to prune (a job). A dip of the toe into the swirling miasma that with every gurgle threatens to suck me in and smother me in more (a metaphor). More, more, more.
-
OSI Blog: The European regulators listened to the Open Source communities!
During 2023, OSI and many others across the Open Source communities spent a great deal of time and energy engaging with the various co-legislators of the European Union (EU) concerning the Cyber Resilience Act (CRA). Together with a revision to Europe's Product Liability Directive (PLD), the CRA will bring the responsibilities of product liability to software for the first time.
In the light of the EU's own research showing the huge impact of Open Source on Europe's economy, the authors of these legislative instruments sought to ensure that the lifecycle of Open Source software was impacted as little as possible. Indeed, at FOSDEM 2023 the authors of the CRA and PLD said as much in their first-of-a-kind main track appearance. But when we all looked at the details, community members found that was not as true as we hoped. As a range of organizations explained, the CRA was likely to be an existential threat to Open Source development, because instead of placing all the compliance requirements of the CRA on companies deploying Open Source software for profit, the obligations as written potentially fell on developers and Open Source foundations.
-
LWN: Phipps: The European regulators listened to the Open Source communities
Simon Phipps writes on the Open Source Initiative blog that the latest version of the European Cyber Resilience Act is much improved: "As a result of all this effort from so many people, the final text of the CRA mitigated pretty much all the risks we had identified to individual developers and to Open Source foundations."