Skip to content
TopicTracker
来自 nesbitt.io查看原文
译文语言译文语言

CRA并非关乎开源

CRA(网络弹性法案)设立了开源管理者的角色,却未对其维护工作提供资金支持。这一做法导致开源项目的可持续性面临挑战,凸显了立法与实际支持之间的脱节。

背景速读

- CRA (Cyber Resilience Act): 欧盟2024年底通过的网络安全法规,要求含联网数字元素的产品(硬件+软件)在进入欧盟市场前必须满足安全要求,否则面临罚款或禁售。 - 开源管家/Steward:CRA引入的角色,指负责维护开源项目的个人或组织,需代表项目履行合规义务——但法规并未为其提供资金或法律保护。 - 核心争议:法规承认开源项目是数字基础设施,却把合规责任甩给无偿维护者;大型企业可基于开源构建商业产品,但合规成本由社区承担。 - 此前背景:2024年CRA草案引发开源界强烈反弹(Eclipse基金会、Apache基金会等公开反对),最终版本虽放宽了对“非营利开源”的豁免,但“产品化”与“纯粹分发”的边界仍然模糊。 - 为何重要:若执行不力,可能导致欧盟外项目主动屏蔽欧盟用户,或迫使关键开源项目因合规成本过高而停止维护。

相关报道

  • Jimmy Wales announced that Wikipedia was live at wikipedia.com on January 15, 2001. The site was intended to be a "really quite snazzy" wiki complement to the Nupedia project, offering a more collaborative and less formal environment for building an encyclopedia.

  • Ars Technica reports on the aftermath of the catastrophic failure of Blue Origin's New Glenn rocket, examining the investigation into the cause of the anomaly, the impact on the company's launch schedule and contracts, and the broader implications for the commercial space industry.

  • OpenAI has previewed GPT‑5.6 Sol, describing it as a next-generation model. The announcement provides early details on the system's capabilities and expected advancements over prior iterations.

  • President Trump issued an Executive Order directing the U.S. government to transition to quantum-resistant cryptographic standards within set timelines, requiring federal agencies to inventory their cryptographic systems and develop migration plans to defend against future quantum computing threats.