Textpattern CMS support forum

#1 2023-10-18 01:07:04

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,076
Website

EU Cyber Resilience Act and open source projects

This may be of some concern for Textpattern – or Textpattern plugin authors: Can open source be saved from the EU’s Cyber Resilience Act?

Disclaimer: it is the Register with its flowery write up, and I have not seen much info about this draft EU act (mostly coming from some BigCo employed 9to5 dev whining about more administrative overhead).


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

#2 2023-10-18 06:03:44

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,269
Website GitHub

Re: EU Cyber Resilience Act and open source projects

Patently ridiculous. A central governmental database containing every unfixed vulnerability for every piece of software is a goldmine for people to try and obtain and exploit.

And what of the 20 or so “vulnerability reports” we get a year that actually aren’t? Allowing people to upload PHP code (plugins) to a site is a software feature by design, but it escapes most reporters desperate for bounty. If the person who filed the report failed to secure their test site according to our recommendations, is it a fault of our software? Would we have to file all those reports within 24hrs of receipt or be fined?

Not sure what legislation solves. Besides meaning that WordPress and their plugin author ecosystem will be forever filing reports and won’t have any time left for development! :P


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#3 2023-10-18 08:44:53

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,076
Website

Re: EU Cyber Resilience Act and open source projects

Agree, it is borderline surreal the way those rules are presented. I doubt any software development shop (from bigCo to small Open Source dev) can comply with it as it currently stands.
But that is the current EU commission under the madame for you. Full of itself and with no understanding of the real world.

(reason for posting is that there are some people here with a little bit of contact with the EU machinery who might be able to raise their voice. I’ve personally long lost any contact in that world).


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

#4 2023-10-18 10:19:32

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,269
Website GitHub

Re: EU Cyber Resilience Act and open source projects

Yeah, it is utterly daft how disconnected the rules are from reality.

And yes, I expect Yiannis will have some say!

Thank you for raising this, btw. Would probably have passed me by otherwise.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline
