[graemep]

One possible solution is for people in the EU to set up their own triaging system to triage Linux CVEs (and other CVEs, and maybe other sources of info) in line with EU law. There should be enough people affected willing to find something like this.

I am not clear how the law affects people outside the EU whose software is distributed in the EU (including open source software that is not covered by the exemptions).

>I imagine common sense will prevail and the law will be interpreted the sensible way.

I hope it will, but I would hate to be in the position of having to depend on that.