[kubik369]

Unfortunately, this is just wishful thinking. Take an example where a company is going under. If such a law existed, it would be unenforceable as the company does not have the resources and know-how how to do such a thing. After they file for bankrupcy, there is no point in punishing them.

[sokoloff]

Software escrow processes could (partially) solve this, at an upfront cost for every company developing and selling such a device (meaning, at a price that will ultimately be paid by consumers).

[malermeister]

Some government agency could be doing the escrow, at no charge to the company.

[rjmunro]

All you need is an option you can set on a private repo in Github so that if you close your account or don't pay your fees for 3 months it automatically becomes public rather than gets deleted.

[sokoloff]

There is still a process cost to participate in any escrow process, both on an initial and on-going basis.

(That's before the blindingly obvious observation that even something provided by the government at no cost at point of use has a cost which is ultimately borne by the people.)

[malermeister]

I don't disagree with either statement, but I think both of those are a price worth paying to avoid having hardware become e-waste because software support was stopped.

[sokoloff]

I agree with that conclusion.

I think we'd also need to figure out some durable and stable way to reach a conclusion on "when should the software be published out of escrow?" that handles a bunch of the various edge cases. "What happens to devices that are one-time programmable? What devices are in-scope/out-of-scope? Does this apply to radio firmware as well as general CPU firmware? Is the software license changed alongside the release of code from escrow? Are signing keys also released? Is code released from escrow just because some individual use case is no longer supported by the mainline firmware? [Is a disagreement with a product decision enough to release the old code?]"

[joelfried]

I agree as well, though I don't think we need to figure out all edge cases before the legislation is viable. All we need to do is allow any person who purchased said software a private cause of action in which they can petition a court to release the code. Then a judge could decide based on the merits of the person's need whether the code should be released or not.

[mianos]

Professional escrow is not cheap. The first year, when you have to demonstrate a complete build and 'bring up' process with them the price seems pretty good as it's a lot of work. Funnily they don't seem to offer a multi year deal.

The second year there is much less work but they double the cost. You go along with that as it takes a lot of work on your part to engage a new escrow firm from scratch.

The next year they double it again. It's still demanded by your large corporate customers and you try to pass on the costs but they don't want to pay it.

[thereddaikon]

Yeah open sourcing code sounds nice but that's the pipe dream of the tech literate. A real workable solution would be regulation defining and banning ewaste creation and consumer protection from vendors rug pulling product support. Penalizing deviant practices and incentivizing open industry standards.