On Wed, Nov 21, 2018 at 4:37 PM Antoine Thomas < antoine.tho...@prestashop.com> wrote:
> A new regulation which aims to fight VAT fraud obligates merchants (and > e-merchants) to use a software allowing to: > - Make accounting data inviolable, > - Secure the accounting data, > - Keep and store the accounting data, > In order to satisfy a potential inspection of the tax administration. > > In addition to these properties, the law requires that merchants use a > certified software (FYI, in France, the certification is delivered by only > 2 companies : LNE and INFOCERT). > > In order to offer an alternative to our users, PrestaShop has developed a > module that can be installed to the merchant’s discretion. > > This module complies with the law requirements but in order to satisfy the > INFOCERT’requests, the code source of the module has been obfuscated. > Tangential to question asked, and I'm interested in general case, not agitating for PrestaShop to push back on the request in this particular case... I wonder whether INFOCERT's request is justifiable? I imagine they think obfuscated code is less likely to be modified, any modification potentially making the software non-compliant with the regulation, risking INFOCERT's reputation? Why isn't it good enough to have a warning that only unmodified versions are certified and that any modifications mean you are running uncertified software and in violation of the regulation? The whole point for merchants to install the module is to be compliant with the new regulation, right? I notice that PrestaShop module source files already include the following disclaimer, which could be made scarier for a third party certified module: * Do not edit or add to this file if you wish to upgrade PrestaShop to newer > * versions in the future. If you wish to customize PrestaShop for your > * needs please refer to http://www.prestashop.com for more information. > Another question, perhaps more closely related to question asked (though still entirely tangential, as the original question has been answered in a way that makes this non-essential) -- does INFOCERT require that no unobfuscated source to the certified module be available? If not, I imagine the certified module would be obfuscated, under OSL-3.0, with the non-certified preferred form for modification also available, per OSL-3.0's "Grant of Source Code License", if I understand correctly. Mike
_______________________________________________ License-discuss mailing list License-discuss@lists.opensource.org http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
