Re: Call for vote: public statement about the EU Legislation "Cyber Resilience Act and Product Liability Directive"

[Sam Hartman <hartmans@suchdamage.org>]

>>>>> "Bart" == Bart Martens <bartm@debian.org> writes:
    >> 
    >> * A commercial company writes free-software that for all
    >> practical purposes can be used only for access to their
    >> proprietary web service.  I'd rather not allow arguments about
    >> whether a flaw is on the web service side or the client API side
    >> to be used to help the company get out of liability to their
    >> customers/users.

    Bart> I guess "awscli" is an example of this situation.

Sure, let's say it is.
One could quibble about whether there are alternate implementations of
AWS's API, but for most uses, I'd agree with awscli being an example of
what I'm talking about.

    Bart> https://packages.debian.org/sid/awscli
    Bart> https://metadata.ftp-master.debian.org/changelogs//main/a/awscli/awscli_2.12.0-1_copyright
    Bart> So the EU would hold Amazon liable for damages caused by using
    Bart> "awscli", overruling the "without warranties" clause in the
    Bart> license. Well, then next time Amazon might choose to only
    Bart> provide documentation of the API, without publishing an open
    Bart> source example implementation like "awscli". That's a loss for
    Bart> foss. It illustrates the value of DFSG 6.

Ah, because the regulations specifically exclude SAAS and so Amazon
doesn't have liability for the API unless they publish software to use
the API?

If that's your point, I certainly understand you better.

If in practice we end up with less open-source software because of
things like that, I agree it would be a negative.

Now that I think I understand you better, I'm going to step aside and
let the Europeans debate this.
Thanks for helping me understand your point.