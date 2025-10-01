When the news of the EU's Cyber Resilience Act (CRA) first emerged, open source software developers and companies were worried sick. As the Python Software Foundation (PSF) executive director Deb Nicholson said at the time, "Under the current language, the PSF could potentially be financially liable for any product that includes Python code, while never having received any monetary gain from any of these products." Ouch!

Since then, however, the EU has made the CRA more open source friendly. How friendly? Well, according to Greg Kroah-Hartman, a top Linux kernel maintainer and member of the CRA working group of experts, "for open source contributors and maintainers, … [the] CRA is a good thing. I think it's gonna help us.

Speaking in Paris at the Linux Kernel Recipes conference, Kroah-Hartman started by saying, "You never expect to be dealing with lawyers and things like that when you start out programming. But here I am. This is all my personal opinion." But, he believes, the CRA has become "something that's actually palatable and can be used" for open source's benefit.