On Mon, 13 Nov 2023 at 12:57, Aigars Mahinovs <aigar...@gmail.com> wrote:
>
> True, the employment status is irrelevant. However, in this example Microsoft
> will actually have the liability of providing the security assurances and
> support for systemd and related systems, because they are providing images
> of such systems as part of their commercial offering on the Azure cloud
> platforms. And that will be true regardless of the employment status of a
> few developers.
>
> A company that does not provide any Linux system services to EU customers,
> like some integrator operating just in Canada, would not have such exposure
> and thus would not incur any such obligations.

Yes, but they have to do that *as part of that commercial product*, which is not systemd, it's whatever product uses it, together with the Linux kernel, glibc, gcc, etc. That's a good thing, and it applies to any corporation that ships any open source software as part of their products. The corporation is responsible for security aspects of said product and its part as shipped in that product, which is great. It doesn't mean that the upstream open source project is now suddenly encumbered as a commercial product out of the blue - which is what the person I was replying to concluded - because it's plainly and obviously not developed solely and exclusively for that commercial offering, given it's used everywhere on any Linux image from any vendor that you can get your hands on by any means.