Hi,
On 11/15/23 20:27, Aigars Mahinovs wrote:
That is exactly why I think this is dangerous: I want GitLab and
Proxmox
to be responsible for what they release, but it is very difficult to
draw a line between their offering and what Microsoft is doing by
paying
for systemd development while they are also selling Azure cloud.
Why should there be a borderline between that? Microsoft has to be
responsible
for what they are selling in the Azure cloud (pre-defined images),
regardless of
the systemd developer work.
Yes, but in the other direction we don't want them to be responsible for
systemd, because that is still meant to remain a community project even
though the lead developers are employees.
I am not convinced the "mere employment does not immediately cause
responsibility" is enough of a shield here. It would be, if there wasn't
another division of Microsoft that bundled this software and sold
services for it, and was therefore required to provide warranties under
this regulation to their customers.
Transferring that situation back onto GitLab (because we need one set of
regulations that fits all), that would mean that the company was only
required to provide security fixes to their paying customers and could
leave the "community edition" unpatched.
That would also be a consistent position: "as long as the source code is
public under a DFSG-compliant license, the open source exemption should
apply even to works produced for commercial gain."
However, I do not think the EU wants an exemption this broad, which is
why I see a risk that this threatens the model that systemd is currently
developed under.
From my personal perspective on systemd, I don't care much, but with my
Debian hat on I think that would be pretty disruptive.
Simon
