Hacker News new | ask | show | jobs
by teeray 904 days ago
Obviously it wouldn’t work for a project as large as Debian, but I wonder if there is some exclusion clause that can be inserted that forbids all users that would be covered under the Cyber Resilience Act from using the software?
5 comments
kube-system 904 days ago
It could be done for some software, but some popular licenses like GPL don't allow additional restrictions on use.
link
quacksilver 904 days ago
If it were a big enough problem, could GPLv4 be published (perhaps with a clause to cover this and future laws) and products encouraged to migrate to it?
link
Ekaros 904 days ago
Likely not. A license can not override legislation. Like creative-commons cannot be used to give away moral rights at least if not some of the copy rights too.
link
patrakov 904 days ago
But we are not talking about overriding legislation. The question is, can GPL4 say "you cannot use or distribute this software" if there is a legal risk to the creator?
link
kube-system 904 days ago
A license could say that, however, the creator would still have legal risk in the case that someone broke the license. "My customer broke the license terms" is not a defense to breaking a law.
link
Palomides 904 days ago
no common definition of free/open source software (such as the debian free software guidelines) would permit a use restriction like that
link
gavinhoward 904 days ago
I'm working on licenses that do that; they become null and void if there is any duty.

Of course, an outside agreement can establish such duties.

link
mycall 904 days ago
Won't work as the CRA overrides any license (this is explicitly written).
link
teeray 902 days ago
How can that be though? If there are users using your software where their nation imposes requirements you don’t want to deal with, you should be able to bar those users from using your software. Licensing is typically that mechanism.

Think if it were something else as an exercise: say some nation implemented rules requiring you to pay $10k USD/year to that government as some nonsense open-source fee. Common sense says you should be able to say, in response, “well, then I guess I’m cutting that country off.” If the rule making country shouts “no takebacks!” and supersedes licensing, then wouldn’t that impinge on sovereignty?

link
hcfman 904 days ago
Yes, but also perhaps be explicit. Ban direct and transient government use.
link