The EU proposed CRA law may have unintended consequence for the Python ecosystem (pyfound.blogspot.com)
186 points by AlexeyBrin on April 11, 2023 | 134 comments



This is a quote from the linked document:

> 10) In order not to hamper innovation or research, free and open-source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation. This is in particular the case for software, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable. In the context of software, a commercial activity might be characterized not only by charging a price for a product, but also by charging a price for technical support services, by providing a software platform through which the manufacturer monetises other services, or by the use of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software.


The Internet Society quotes[1] that part and thinks selling support for stuff would count it as being supplied in “the course of commercial activity” even to those who aren’t buying the support.

[1] https://www.internetsociety.org/blog/2022/10/the-eus-propose..., via another comment here: https://news.ycombinator.com/item?id=35525876

[A previous version of this comment mentioned BIND, because I confused ISOC and ISC.]


If someone sold me support for a piece of open source software (like ISC and BIND) then I definitely would expect some level of liability if there's something wrong with it.

Otherwise why would I pay for support if I could just self-host? They can strictly define the parts they are willing to support, though.


You offer support for your open source software so it's commercial open source, someone else uses your software in his software without your knowledge and he doesn't pay and doesn't want support.

He doesn't update his version of your software and this leads to a security issue.

Are you liable?


Obviously not. Why would you think so? You're only liable for the software shared under a support agreement.

I feel people really try to pick the worst possible interpretation of these laws just so they can hate on the EU.


No, it’s people who possibly even agree with the intention of this wanting the letter of the law to be as clear as possible — so that a hypothetical uninformed judge a few years down the road has less wiggle room for a bad decision. (Also note that in some European law traditions, written law is more important than case law.)


But the whole point of the CRA is to increase cybersecurity even without a support agreement. Eg every device to receive 5 years security support.


Unfortunately lawyers (et al) will similarly pick the worst possible interpretation of a law as needed to win a case.


> free and open-source software developed or supplied outside the course of a commercial activity

What is software in this case? The open source software you developed as such, or only the installations you sold support for?


No. Liability only arises if someone is paying you and you give them assurances that PyThing is fit for a particular purpose or behaves a particular way.


>free and open-source software developed or supplied outside the course of a commercial activity

This part isn't clear enough to confirm your assumption.

It could mean the software instance installed by your support customer, or it could mean the software as such that you intend to sell support for, no matter if you really get paid for support or not.


I believe the point they're making is that while you could expect liability, I couldn't if I'm not buying support services but run it myself. As in "offering the support services to anyone" would assume global liability.


> If someone sold me support for a piece of open source software (like ISC and BIND) then I definitely would expect some level of ...

The word you were looking for is "support".

If there is something wrong with the "supported" open-source software, then you may expect a certain level of "support". Full-stop.

That generally entails an SLA that says your issue will be reacted to within N-time of opening the issue, which might be nuanced by the tier-level of support purchased. That you are provided access to documentation, or even the source code itself. You might be provided with best-effort support by an agent, which is limited to resolving documented defects, or configuration, or acknowledging standing-bugs which cannot be resolved.

What you cannot expect is the software is updated in accordance with the support incident. For that, send patches, or pay somebody to send patches.


I want to believe the courts and non-elected bureaucrats will interpret it the same way.

Sadly, with these laws, we'll have to wait for some case law to be certain of the liabilities to serving Europeans customers.


Does anyone else find this incredibly crazy?

I had a similar reaction to the whole thing about some new anti-Tiktok law in the US potentially banning a whole bunch of other things, but nobody is actually sure. Like, is it a weird idea of mine that you should define your laws based on what you want them to do and then test them to make sure they are right before they actually, you know, become laws? How can no one know what the law will actually do until the law is actually enforced?

If I wrote software like this I would be instantly fired. Can somebody please explain?


> If I wrote software like this I would be instantly fired. Can somebody please explain?

If aerospace engineers built airplanes the way you (or me) code, they'd be in prison.

I don't think software developers have any right to criticise - we are the clowns of the engineering world.

The software around me fails all the time: the coffee machine refuses to make coffee because there is no wifi, Toyota has spaghetti code controlling the accelerator, the average home router has over 9000 security holes.

Even if you look at our industry standards, the HTTP standard has flaws allowing Request Smuggling, the JSON standard is not compatible with JavaScript, and JavaScript itself...oof...


> If aerospace engineers built airplanes the way you (or me) code, they'd be in prison.

Really? I don't recall anyone going to prison for the 737 MAX. Not even the engineers reviewing the code written by the offshored 9$/h programmers Boeing hired...

> the HTTP standard has flaws allowing Request Smuggling

As if the building code didn't change over time too.


It isn't really like this. There's experienced attorneys helping draft most legislation. See, e.g., https://en.m.wikipedia.org/wiki/Office_of_the_Legislative_Co...

That doesn't mean they will always get it right, but it's often screwed up more by the legislators than the attorneys.

Laws that are so vague that they don't give notice to someone of what conduct is proscribed are not valid in the US.

Additionally, in the US, laws found to be unconstitutional are void ab initio. They are not struck down. They are declared never to have been valid in the first place.

(Though, like anything, perfect consistency is not a goal of the legal system, so you will see this screwed up at times as well)


Even with already published laws you need a lawyer to understand how a judge will be more likely to interpret them; even then, it's just an informed guess, you never know what the end ruling will be until it comes.


So... Why not have a judge whose job is to come in and rule on potential new laws? You're pointing at this like it's some knockdown argument when it just shows lawmakers are lazy.


HN is not apparently aware of how laws are made in most countries. In fact, staff legislative attorneys and others greatly experienced in law often help write them and edit them.

For example, in the US, you have things like https://en.m.wikipedia.org/wiki/Office_of_the_Legislative_Co... which helps the House draft bills.


Imagine all of your bugs were security bugs, hacking (and profiting from the results) was legal and incredibly lucrative, and (as a result) almost the entire available pool of testers was at best grey-hats each with their own political agenda. Even if you also had Designated Testers with lifetime appointments, would you expect them to do better in a year than a well-paid hacker could in a couple of weeks? Especially if the former category, though well-paid, is considerably understaffed and thus overworked, due in part to how hard it is to establish competence and good faith of a candidate?

I’m not sure this is a good metaphor, but I think the main thrust should be true: the whole thing is adversarial like you’ve never seen, and that’s not at all the best way to establish truth, just the best you can do without trust assumptions. (Law : science and engineering :: democracy : benevolent dictatorship.)


This section has been rewritten (changed) in the latest (internal) draft of the CRA based on feedback of various open source foundations as far as I know.

I'm not sure how much I'm allowed to share but it'll be public at some point in April I believe.


How does this work for free software projects which aren't themselves commercial but list employees of big companies among their major contributors? E.g. the Linux kernel?


It will likely be tied to the “productization”. That is, the liability chain will only go as far as there is someone who turned the software into a product for monetization purposes. If a company sells a product that uses Linux, they will be liable regardless of whether they contributed to Linux development or not. If part of the product was itself purchased from a third party, the third party will be liable for that part. But open-source developers who don’t monetize the software won’t be liable.

One case that could potentially become problematic is OSS developers who have Patreon subscribers or similar, where those subscribers could conceivably pass on liability claims.


That's from the "Cyber Resilience Act" link, and the "Product Liability Act" link has pretty much the same text in item 13.


that is sooo bad. Basically anyone can give you support with some open source code (i.e. consultancy, they fix a bug/deploy/tweak for you and go away) except the authors of the code. Because if the authors do this, they are liable for the whole code base of the product. Nice.

Also, many open source projects have very complex authorship, good luck digging which company is responsible to do the audit.

Also, basically your favourite cloud provider could host your favourite open source database, but the authors providing hosting would be liable. Because "This Regulation does not regulate services, such as Software-as-a-Service (SaaS)"


Having it in the recital is way less safe than it being explicitly spelled out in an Article.


Thank you. Do you think the blogger missed it, focused on the 'should' part, or is it part of the clickbaity nature of our news cycle? Either seems a likely possibility. I don't think the EU would be stupid enough to kill open source.


It’s more than clickbait. The intent of the proposed legislation is not to make volunteer open-source contributors liable for bugs, but the current draft may set the boundary between commercial and non-commercial developers in the wrong place.


I'm not a lawyer, but I see no way a sane and reasonable person could read this as "and if someone you've supplied the software in a foss & non-commercial setting to uses that software in a commercial way, you're on the hook for everything".

Yeah, it could be even clearer (but laws tend to not want to enumerate everything that is obvious or they'd become books), but it feels somewhat exaggerated. Or is the actual fear that commercial support services by the authors could trigger liability? As far as I understand, that has been a preferred way to get paid and remain not-liable for the original product.


I _was_ a lawyer for a decade before going into tech. One of the good habits I acquired in practice was making sure to read all the way through every document, no matter how boring it got. I agree with you completely, except the article isn't just exaggerated: it's borderline FUD. Regulation is necessary because too many humans find self-regulation in the public interest too hard. The problem is that writing effective, targeted, regulations is also hard, and often beyond the capacity of those given the power to do it. Even when they mean well (never a given, as evidenced by a sordid history of self-sealing and favoritism), it often gets mucked up.


> If the proposed law is enforced as currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else’s commercial product.

Oh shit, this is huge. I wonder if it applies retroactively for code in the wild; as an open source contributor you can't recollect your code back.


You can potentially hold those responsible who published the first open source TCP/IP stack for anything happening on the internet if it retroactively applies to existing code, fun times.


The first TCP/IP stack was actually open source (before the term even existed). Written by Bill Joy (and maybe others) of Vi, Sun and BSD fame.


This thing won't be fairly enforced until the ISO is fined $50 Googol for publishing the C spec.


Who invented null again? I need an address for the lawyers.


> I call it my billion-dollar mistake. It was the invention of the null reference in 1965.
>
> -- Tony Hoare

It might turn into a real billion-dollar mistake, not just a metaphorical one...


The address of null is zero, obviously


If true and enforced that would be the death of the open-source community as we know it


It would also absolutely destroy the EU economy. Developers in the EU would be blocked from PyPi, GitHub, NPM, Stack Overflow and much much more. Pretty much every single commercial software product contains at least one open source package. You wouldn't even be able to use Java or .Net. There's also no way in hell that commercial companies like Oracle or Microsoft will assume any kind of responsibility for errors their code would result in in a customer's code base. At least not without massive compensation.

And how about Linux, or Android... or iOS, they contain open source software as well. Could you go after some random kernel developer for a bug that affects Android?

This hasn't been thought through in any way, the ramifications could be enormous.


At some point it would be cheaper to just block access from the whole of Europe than to comply with their laws. The worst part is that a lot of politicians in other countries are just copying the EU tech legislation, instead of trying to produce something better.


So every 2 weeks I read posts like this: 'Company X will just quit' if they have to pay tax/comply with some law/follow basic decency.

But it never happens. The only example is Google leaving China because of authoritarianism. And now they are back.

Maybe it can happen to a tiny country. But do you actually imagine that the entire 17 trillion economy of EU will be left without software?

Companies do not 'just quit' huge markets. They don't leave money on the table.


Big companies obviously no. But a bootstrapped startup? Probably yes, at least initially.

And here we are not talking about "basic decency" or taxes. The audit requirements by the new EU law are extremely expensive. They assume that every software developer is BigCo. I don't see that the EU is requesting every tabloid article to be fully audited to remove false claims or that each medical decision must be audited. The requirement is disproportional.


This is by design.

The regulatory burden is so disproportionate that only a few large companies can operate following all the regulations and arbitrary rules set by the European unelected bureaucrats. In turn, large companies raise their prices, but it doesn't matter because they are the only game in town left since smaller companies simply can't compete.

So the European consumer ends up paying for all the extra compliance through less competition while the bureaucrats pat themselves on the back and politicians keep getting a "big victory" against the "evil foreign tech giants".


> Developers in the EU would be blocked from PyPi, GitHub, NPM, Stack Overflow

Being blocked from PyPi and npm would probably catapult EU software quality ahead of America... and without them hosting it on GitHub to feed into our LLMs to circumvent their IP? Oof we'd be in trouble...


In the EU at least. No doubt disclaimers would go up on all source repositories that access from the EU is forbidden.


What about extradition treaties? Do I need to be concerned about someone in Europe misusing my mathematical expression parser library in a medical device, people die, and then I get extradited?

I heard a third-hand story about a Boeing engineer held responsible for an aircraft crash in China, and the US was going to extradite him to China. He committed suicide. Don't know if it was true, although it was a Boeing employee who told me about it, and she certainly thought it was true.


The US doesn't have an extradition treaty with China, so that's probably an urban legend or someone pulling your leg or trying to put the fear of god (China?) into her and other engineers so they take the job seriously.


If the EU is willing to hold you financially liable for something you provided for free with no promise of it functioning or being safe to use, might they also hold you financially liable even though you said it shouldn't be used by anyone in the EU?


Maybe the safest approach is to firewall them off of the internet. They can have their own bureaucratic paradise without involving the rest of us in their mad schemes.


I wonder how much collective time the world would save not having to click on cookie permissions every time they visit a website.


MaxMind has a free utility called GeoIpLite that has an explicit field which tells you if an IP address should be considered part of the EU.


I initially thought to geoblock them, but the trouble is - their laws apply to their citizens even in my country, and I'm unclear as to what happens when a regular person visits the EU.


Add a TOS clause saying that EU data subjects aren't allowed.


I mean, the newspapers already do that with the GDPR regulations, so it may be inevitable


Personally I modified my (paid service) project's EULA to make it unavailable to EU residents, citizens, and people currently located there just to be safe.

First it was fonts and cookies, now this; I don't want to see where this jaw-dropping progression ends up.

In 2016 I thought Britain was absolutely mad, but they're starting to look smarter and smarter.


I suppose you could write into your license that EU users have a licensing fee of $x where $x is large enough to capture your lawsuit risk.


How many more laws like this one need to get passed for people to stop saying Brexit was the worst thing that could have happened to the UK?


Depends on the people you want to stop saying it.

There's people like me, who moved from the UK to Germany as a direct reaction to Brexit. I don't have a Boolean heaven-or-hell (Devon-or-Hull?) attitude to any of this — Brexit itself was stupid, but not (yet) the worst thing the Westminster government did to United Kingdom people. Sure, a repeat of the Potato Famine may happen, but probably not.

Then you've got people who have made it part of their identity. On both sides, they're never going to admit the possibility of Team Them making the slightest of mistakes.

For example, the specific mistake of the government passing a law that allowed a regional ambulance service to find out the preceding 6 months of internet domains accessed by any person, without any need for a warrant; something that was obviously not compatible with the Human Rights obligations but which the government passed anyway, and as that government was loudly conflating the EU with the human rights courts, I just assumed they'd force it into effect regardless of any objection I could bring, when they actually managed to leave the EU.

https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016

"Less bad" isn't automatically perfect (the topic of this discussion may be an example of such an imperfection), but it is less bad.


> the government passing a law that allowed a regional ambulance service to find out the preceding 6 months of internet domains accessed by any person, without any need for a warrant

Wow. And people voted in favor of that?

No wonder we're flooded with resumes from the UK over here...


I still don't know why they even asked for that power; the arguments given at the time were predictable clichés that had about as much connection to reality as the average stock photo of a hacker — if I assume they were sincere then they must have been incompetent, and if competent then insincere.

https://votes.parliament.uk/Votes/Commons/Division/80


In case you hadn't noticed, this law hasn't been passed. It is currently out for consultation through a relatively transparent process. Certainly more transparent than the, let's all meet at the club and thrash it out between us, what what, process that takes place in Westminster under the current lot. This is how democracy is supposed to work, but alas very few people take the time to learn that or engage in the actual process.


Maybe don't base your opinion of the EU on some speculative HN comments about a non-voted law proposal?


The only reason there's a possibility Brexit isn't the worst thing is the large pool of competitively bad things.


Pretty much that. After GDPR many small shops refused to work with EU IP addresses and just redirect to a page with some disclaimer.

But big players (who were consulting politicians when GDPR regulations were written) only won from GDPR, they don't need to show the cookies banner all the time on their platforms and still have a lot of power over your private data.

Certification of software is always expensive, so expect new open source licenses: "Open source as usual, but if you are from EU, you are not allowed to use that code".

Or expect Amazon to take an open source product, close source their fork, do certification and provide SAAS.

Again, there are companies who can do some commercial support for their code, but they really could not be interested in adopting all the EU regulations.


I'm sure repos would just block access to European IP address if the maintainer requests it.


More reactions on the same subject:

- From the Eclipse Foundation: https://eclipse-foundation.blog/2023/01/15/european-cyber-re... and https://blogs.eclipse.org/post/mike-milinkovich/cyber-resili...

- From the Internet Society: https://www.internetsociety.org/blog/2022/10/the-eus-propose...

With more to come... This is a serious situation.


Not all things can be or even should be regulated. This is almost akin to a law punishing a good Samaritan for helping someone in need because that someone ended up a criminal later. Not only is it dumb but also a perversion of authority.

Hopefully they know what they are doing and revise the law.


"Good Samaritan" is a pretty relevant keyword here because many countries have so called Good Samaritan Laws that explicitly give legal protection to those aiding others in peril. The idea is that you don't want to discourage people from helping those in need by fear of repercussions. It's not unreasonable that similar liability protections should apply to those freely sharing software.


On the other hand, if I for example make food from rotten ingredients and share it on the street for free, even with a disclaimer, and someone gets food poisoning, I don't think anything protects me. Or should protect me.

I have never understood why software is some special place. Especially if the entity has any way to monetize it.


Making food from obviously rotten ingredients is not akin to something that would fall under good Samaritan laws. However I don't agree that you should be liable for providing food to those in need if you have made reasonable safety precautions. Restaurants throwing away their leftovers rather than be held liable is not a good thing for society. So no, I don't think software should have a special place here, but rather that someone trying to "do good" should not be punished for it even if they mess up a bit.


The open source community in general needs to pay more attention to this space – not just the python ecosystem. More maintainers need to know that well intentioned people are proposing policies that would in some instances make them financially and legally liable for the code they write.


The new EU AI Act also has this problem, in that it imposes liability for developing components that may at some future point be misused by others.

The source of the problem is a particular approach to legislation that has become popular in the EU that purports to regulate across the entire supply chain for a product. Which might make sense for production of physical items or for software developed completely from scratch 30 years ago under a waterfall model, but is strongly disconnected from the way software is currently built.


“Well intentioned” does not actually describe the strong IT companies that support actions like this to try and recapture value. European big tech companies like Siemens, Ericsson, Nokia and so on are not fans of open source since it negatively impacted their captive customer bases.


It's been only a year since:

>Google wants to work with government to secure open-source software

https://blog.google/technology/safety-security/making-open-s...

https://www.techradar.com/news/white-house-calls-summit-on-o...

https://www.engadget.com/google-open-source-private-public-p...

And 2 years since:

>If your open-source software project is considered "critical", you could be facing a lot more work and responsibility in the future. But for now, it's just some ideas from a few of Google's top engineers.

https://www.zdnet.com/article/open-source-google-wants-new-r...


There is no responsibility with open source, that's the entire point.


there is as much responsibility as money


IANAL but I would expect you can only be held responsible for a product if you say it fits a particular purpose.

But the python licence explicitly says:

PSF is making Python 3.11.3 available to Licensee on an "AS IS" basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON 3.11.3 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.

So it's not sold to you, and not distributed with any implied level of quality or guaranteed service.


> I would expect you can only be held responsible for a product if you say it fits a particular purpose.

That is an incorrect expectation. Even in the American legal system "I said don't do that" is not a shield against liability. In the EU framework a new law can pretty much create any new liability they want, so a disclaimer absolutely could be rendered meaningless.


It's not "I said don't do that", but rather "I've got a thing, but can't advise on any use case".

If you sell rope with no label for anything whatsoever, and people use it to do rock climbing and die, I doubt you will lose in court.

Yet again, IANAL at all.


If you sell a noose and say it's for lassoing, you will still be held liable if someone hangs themselves.


> Even in the American legal system "I said don't do that" is not a shield against liability.

Also IANAL. As someone offering open source software for free, what shields you against liability in the American system?


Nothing. You can be sued for anything no matter the disclaimer.


Do you know of a precedent of such a court case being decided against the author of free and open source software?


Why on earth would they make the original vendor of a component liable instead of the last corporate vendor wholly liable for all components of the final product they sell? This seems like something which can only benefit:

1) very large corporations

2) who use a lot of components they don’t make

This seems almost designed as protectionist legislation for dinosaur companies unable to manage their software dependencies at any level of competence.


Yep, it's interesting because this is the case in eg. device warranties... if something breaks down, you don't search who the manufacturer of the capacitor was, but just take the device to the seller/retailer/store and have them deal with it.


Mostly. There are some exceptions. For example, with cars, tires are often warrantied directly with the tire manufacturer. Also, in the case of material defect, e.g. the airbag issue a number of years back, the auto manufacturer is mostly the entity on the hook for consumers but there are absolutely various liabilities up the supply chain.


For sure, it’s reasonable that the airbag vendor, having sold a product to the auto vendor, is liable to the auto vendor.

I don’t think the airbag vendor should be separately liable to the user since it’s the auto vendor’s responsibility to ensure that the holistic system works, even without considering the case of open source wherein there’s no contract at all between the OSS “vendor” and either the immediate “buyer” or end customer.


Takata was sued by various parties (consumer class actions, at least one state) over their airbag defect although I'm not sure what the outcome was over and above the settlement by the various auto makers.

People can sue for pretty much anything and there's a good chance you have to (or at least should) get a lawyer if that happens. While it's arguably negligible, there is some risk in putting tools/code out there even if it's free and not warrantied.


Not sure about tires, but at least here, the seller has to deal with warranties, even if the warranty is made by the manufacturer... so if I buy a Sumsing(TM) phone, I don't have to drive half a country away for them to service it, but I can just drop it at the shop I bought it at and have them deal with it.

If something warranty-worthy happened with a tire, I'd just take it to the dealer and have them deal with it.


Because the EU wants to make sure someone other than the user is liable for everything. Fully controlling the Internet is part of this development. It started with cookie laws and is now creeping towards total controlism a la China.

In the EU's model of social democracy, citizens do not need to bear responsibility for their actions, but it’s the government’s job to enforce that everything is in harmony. “Someone else”, e.g. corporates, are responsible for any negative outcomes. Whether or not open source, or many other Internet produced contents, fits into this model is secondary. This is also very easy for politicians to sell as the evil is always outside (US corporations, China, Russia) and there is never anything wrong with the country or its citizens themselves. If people can go to the Internet and hurt themselves, e.g. by downloading an application or a package, of course it must be someone else’s liability.


Not really. You should at least take a look at personal liability settings in various EU countries before making your claims.


https://fsfe.org/news/2023/news-20230323-01.en.html

The FSFE has already explained to them why the liability should be shifted to the company shipping the actual product.


> This seems like something which can only benefit: 1) very large corporations

It was the same with GDPR... It will benefit companies who have money to do audits (and companies which do audits).


Basically every license out there has some "can't be held liable" clause in it (see the MIT license for an easy to find one).

Does this mean the license may be invalid entirely in the EU, making it so you actually just can't use the software at all? I know that's how the GPL basically works, if you don't accept the GPL, then you simply have no license at all.


Usually the respective clause just becomes legally void. This is different from you not accepting that clause. It doesn’t invalidate the license as such (even if the license would like that to happen).


Isn't that kind of insane? You get to ignore a crucial clause of the license and continue using the software?

I mean one day they could also say copyleft is unreasonable and illegal, so now the GPL is just a free for all.


If a sales contract says that, by the way, the seller now owns your first-born, then that clause is void because it’s illegal. It doesn’t however mean that the contract is void and that you have to return what you bought or have to reimburse the seller. It’s the seller's fault that they put an illegal clause into the contract.

It’s different from the law saying that the whole type of contract is illegal.


I discussed this with an AI language model (GPT-4), and the general idea I gathered was that in the EU, it's possible that the "no warranty" clause in open source licenses could be invalidated by consumer protection laws, while the rest of the license remains valid. This could potentially expose authors to liability, even as their work continues to be used for free. However, it's important to note that this information came from an AI and should not be considered legal advice. The specific application of these laws may vary depending on the jurisdiction and circumstances.


I remember when everybody was telling me that the demise of "net neutrality" would force me to pay my ISP for special "packages" to use different sites. Want to use HN? It's blocked unless you pay for the "tech forum package". ...Except that never happened. It turned out that the hysteria was manufactured by American tech corps like Google and Netflix that feared having to renegotiate their peering arrangements.

This sounds like more of the same. The proposed EU law applies to commercial activity, which volunteer FOSS development is not. So now we have commercial interests trying to fan the flames of another hysteria.


Many companies contribute to open source software; would they be responsible if some random user of Linux leaks some data due to a change Red Hat implemented? Despite that user having signed no contract with them?

And last time this came up it seemed widely believed that a donation link is commercial activity.


This law kinda only needs a few changes to actually increase the protection of consumers.

- it only applies if you are directly selling an IT product/software to consumers.

- when you use third party components and find a security flaw in them you have to inform the third party immediately.

- in addition if you find a flaw in open source code you should send a patch if you are capable of doing so.


I’m all for software vendors being required to take more responsibility. Anything is better than the current “if it works you’re lucky” guarantee that drives the bug-patching normality.

The responsibility lies with the commercial vendors however, not with the open source developers. What a perverse world we live in, that that can even be possible… Using our software for free and then holding us responsible… ha!


> Using our software for free and then holding us responsible… ha!

Yeah... slap in the face for open source contributions that literally change the world for the better.


I find it interesting that the EU does not define "free and open-source software" in either of the proposals. I think they need to define the terms as used. There isn't complete agreement in the software world as to what that applies to. For example MongoDB and the SSPL license.


"a version of Python is downloaded over 300 million times per day."

If true, this is insane.


No doubt the vast majority of those downloads are from CI systems and build scripts executing on every commit.


Which is insane. Local caches should be ubiquitous, along with lightweight validation checks.


Yeah. It's quite a problem.

Although I think in many cases, the people doing this aren't aware it's happening. It's a git action kicking off some Jenkins agent somewhere in a Kubernetes container on a virtualized server that was set up and forgotten about based on a patchwork of online tutorials.


Probably everybody knows that each test run and build is downloading GB of data, but they're doing it quickly, it doesn't cost much money or none at all, and it's easier to do it than setting up a local cache and using it (CI, local dev machines, etc.). The only reason I ever saw some optimization at that level was because building the base image took too long, so we were saving one and we were rebuilding it only when dependencies changed. I can't remember the details.


Try doing that in an air-gapped environment and you'll soon learn about the importance of local artifact caches and caching proxies with tight retrieval policies, or having downloads gated for review... ;-)


This law will literally freeze software development in place, much like the US FAA did with civil aviation in the 1970s. Suddenly going from 100% disclaimed away warranty to a statutory warranty doesn't work. This may even be less intelligent than my home state's attempt to legislate that pi=3.15.


No exaggeration to say that the EU might inadvertently divert the civilisational path of humanity


What’s a civilisation or two in the name of think of the children


So, if you work for a commercial company and wanna contribute something back to some open source project - you will not get a green light from your lawyers' department once this is enforced (it is already pretty hard to convince them).


I think I will call this "Revere Censorship" and it's the way the likes of George Orwell's "1984", John Carpenter's "They Live", Aldous Huxley's "Brave New World", along with the ideas pushed by the government (WEF) in Ayn Rand's "Atlas Shrugged", are slowly being brought to life. Soon there will be a City of Ember to contend with, not to mention Ender's Game... As I keep saying, the future is written in the past.


Seeing many of the EU's laws - I feel that they have given up on innovating, and have decided to go all in on legislation. Many of the rules they make are completely unnecessary IMHO. They treat their citizens as totally incompetent and incapable of evaluating alternatives themselves.

I expect the EU to continue to falter in cutting edge tech as a result. Software in particular.


Indeed, they just can't seem to understand the modern economy. How many unicorns has Europe created over the last 15 years? The idea of a wildly influential technology company coming from the EU instead of America or China is just not realistic.

I guess they can continue to export luxury brands and tourism.

I think Europeans tend to have an aversion to success/wealth and are scared to go out and try and build something. Just be conservative and go and work for a company that underpays. But at least you get to go on a vacation a couple times a year.

My feeling from the time I've spent in Europe and the time in the USA is that Americans are optimistic that something can be done and they go out and take a risk. Europeans are skeptical of anything new. And to me it's weird because the way social safety nets tend to work in Europe, people should be taking risks left and right. And to be sure there's no lack of very talented engineers in the EU.

Is it that Europe relies so much on legacy? Their legacy colonial relationships around the world, their legacy brands, etc?


They're not called citizens, they call them subjects.


Article 20(1) of the Treaty on the Functioning of the European Union:

"Citizenship of the Union is hereby established. Every person holding the nationality of a Member State shall be a citizen of the Union. Citizenship of the Union shall be additional to and not replace national citizenship."


If this passes, everyone will add to their code:

DISCLAIMER: Following text is not a program code. It does not work. Do not execute it.

And call it a day. As long as it was only brought to the market as a piece of prose, you are safe. :-)


This doesn't make much sense - would publishing the code to a paper about object detection really make my professor liable for someone getting run over by a Tesla?


Oh boy. If this passes, I'm basically going to have to not allow people to use my FOSS in Europe.

I have actually written some Open Source licenses [1], and one different thing about these licenses is that they are null and void if the law requires the original contributors to accept any responsibility for the software unless they voluntarily accept it.

In my opinion (IANAL, but I wrote those licenses), if this passes, then anything licensed under my licenses would not be legal to use in Europe or by EU citizens.

Licenses will now need protections like this to keep FOSS alive, and places with laws like these will lose out.

By the way, my licenses are currently being checked by a lawyer. However, it may cost me more than I can spare, so I may not be able to get them fully checked.

[1]: https://yzena.com/licenses/


Permissive license open source is going to be fine, for now anyway. The problem is that the arguments cited in the OP also apply to small devs who can't afford an army of lawyers. Such regulation will spell doom for software start-ups and small shops.

It's a pattern of EU law makers going after the little guy: VAT MOSS, GDPR, now this. Not much of a problem if you have an accounting department next to the legal department on the same floor of your corporate building. A huge burden for a small guy who only has a limited number of man hours to distribute between paperwork and actual work.


>Not much of a problem if you have an accounting department next to legal department on the same floor of your corporate building.

It's demonstrative to read the official EU impact assessments for a lot of their recent legislation. For example, the impact assessment for the EU AI Act estimated prior-to-launch compliance costs for a small business with one AI product at €400,000. But when you look into the assessment in more detail, that estimate actually excludes legal costs (not joking here). It creates a very uneven playing field for small innovators.


I made a company. No personal liability whatsoever, all profits go to me personally (heavy tax but it's ok) so they can sue all they want.


Then again maybe this will finally make people write software that is fit for purpose and isn't just stuff thrown at a wall.

Passing out poison for free doesn't go too well in the real world, I don't see why software should be really different.


Feel free to stop using the internet then, since it is built on apache / nginx / python / java / javascript / php and many other open source technologies.


Fit for what purpose?

I have a couple things up on GitHub that are fit for my purpose but you probably don’t want to be using if your threat model is higher than “huh, that doesn’t work”.

I have no expectations that anyone will ever read the code much less use it but it costs exactly nothing to put it out there on the off chance it may be useful to somebody.

So, yeah, I should be responsible if someone hacks some crypto kitty clone and makes off with a billion dollars?


The IoT industry shows us daily that making people pay for poison doesn't go much better, yet is totally allowed to continue.


> Passing out poison for free doesn't go too well in real world

It's illegal to give out free poison in the real world? How do they sell it then?


Well, it is easy for open source. You just defer the semantics of your program to the implementation.

Then you will never have bugs.

