this post was submitted on 17 Sep 2025
461 points (99.4% liked)


Should OS makers, like Microsoft, be legally required to provide 15 years of security updates?

[–] Buffalox@lemmy.world 2 points 20 hours ago* (last edited 19 hours ago) (1 children)

I have no idea what I'm supposed to see from your link? I don't see any particular legal knowledge, or description of any particular legal consequences, and I have no idea what the point is???
Obviously software provided for free "as is", cannot be required to be maintained. And if it is owned by the public which is the case with FOSS, there is no "owner" who can be made responsible.

If however the software is part of a commercial package, the one supplying the package has responsibility for the package supplied, you can't just supply open source software as part of a commercial product, and waive all responsibility for your product in that regard.

[–] ell1e@leminal.space 1 points 18 hours ago* (last edited 18 hours ago) (1 children)

I admit it's a complex topic, but if you read the post in detail, it should answer your questions. The "owner" is typically the maintainer, if in doubt that's the person with repository write access. And the EU can apparently potentially require whatever to be maintained, not that I understand the exact details. The point was that the regulation doesn't seem to avoid FOSS fallout well.

[–] Buffalox@lemmy.world 2 points 18 hours ago (1 children)

> "owner" is typically the maintainer,

Nope, AFAIK that is not legally applicable, that is very clear with licenses like MIT, BSD, etc., and for GPL in all versions it's very explicitly stated in the license.
You can also release as simply public domain, which very obviously means nobody owns it, as it is owned by everybody.
Generally if you give something away for free, you can't be claimed to be the owner.
I have no idea where that idea should come from, some typical anti EU alarmists maybe? And I bet there is zero legal precedent for that. And I seriously doubt any lawyer would support your claim.

If however you choose a license where the creator keeps ownership it may be different, but then it's not FOSS.

[–] ell1e@leminal.space 1 points 2 hours ago* (last edited 2 hours ago) (1 children)

As far as I understand the license doesn't matter at all for EU regulation, other than "non-free" software is treated even worse.

> Generally if you give something away for free, you can't be claimed to be the owner.

The CRA from what I can tell applies to software given away for free, sadly. I'm not a lawyer, though. But you can perhaps see why people don't trust the EU.

[–] Buffalox@lemmy.world 1 points 2 hours ago (1 children)

If it's proprietary it doesn't, between proprietary and FOSS it absolutely does for the reasons I already stated.

[–] ell1e@leminal.space 1 points 2 hours ago* (last edited 2 hours ago) (1 children)

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ%3AL_202402847

> Supply in the course of a commercial activity might be characterised not only by charging a price for a product with digital elements, but also by charging a price for technical support services where this does not serve only the recuperation of actual costs, by an intention to monetise, for instance by providing a software platform through which the manufacturer monetises other services, by requiring as a condition for use the processing of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software, or by accepting donations exceeding the costs associated with the design, development and provision of a product with digital elements

TL;DR, just donations can already be a problem, apparently. But IANAL.

[–] Buffalox@lemmy.world 1 points 1 hour ago* (last edited 1 hour ago) (1 children)

> but also by charging a price for technical support

Which exactly includes systems like RedHat which I already included, but in no way includes voluntary FOSS work for free.

> an intention to monetise

Again it's very much about the money, and being non free both as in beer and in freedom.

> just donations can already be a problem, apparently. But IANAL.

NOPE!!!
Donations are not a charge. A donation is as the word says a donation typically to support a voluntary effort or an organization working for the common good in some way.
A donation does not require anything in return.

Why are you making scaremongering arguments from ignorance?

[–] ell1e@leminal.space 1 points 1 hour ago (1 children)

Did you actually read the quote I gave? I'm honestly confused.

[–] Buffalox@lemmy.world 1 points 1 hour ago* (last edited 53 minutes ago) (1 children)

> or by accepting donations exceeding the costs associated with the design,

I'm guessing that's what you are referring to, this is not relevant to normal donations, but only a use of "donations" to circumvent regulation.
Show me any FOSS project that has donations exceeding costs of development, it's basically nonexistent, only the Linux kernel project itself, which is fair enough to be covered, since the Linux kernel is driven by commercial interests today, and "donations" are payment for membership and influence.

The claim originally in this line of debate was that small projects could risk this, and no they can't, only projects that are in reality commercial are affected. Those are very few, like Red Hat and the Linux kernel itself.
The legislators in EU are not morons, and they actually listen to the FOSS community.

[–] ell1e@leminal.space 1 points 54 minutes ago* (last edited 49 minutes ago) (1 children)

I will stop discussing since suddenly this is about "normal" and I guess "abnormal" donations, and I don't think we're having a clear-headed debate here.

[–] Buffalox@lemmy.world 1 points 43 minutes ago* (last edited 42 minutes ago) (1 children)

There really are differences, Linux kernel membership could be called based on donations, but they are clearly more than that.
Also you haven't mentioned a single one-man FOSS project that could be affected, which was the original claim could be even from just being a maintainer, which is bullshit.

We hear these EU warnings over and over again, and they are always wrong.

[–] ell1e@leminal.space 1 points 37 minutes ago* (last edited 36 minutes ago)

I continue to believe the risk is real and supported by my links and quotes. You're free to disagree. I'm not a lawyer anyway.