| > Many small distros are hobby distros... Then region lock. You don't have to support California or NY or ... > Different states are passing different requirements that often contradict each other. This is going to be a nightmare Create regional feature flags or region lock. It's a solved problem. > So you’re saying that we should expect those laws too They already de facto exist contractually speaking. > Because before now “code is speech” has ruled, and the US government have not been able to be so invasive about how computers should work The mindset around tech regulation shifted after the 2016 election and Jan 6th. The maximalist tech civil libertarian view on privacy was an anomaly from the late 1990s to early 2010s when tech was viewed as inconsequential. The 2016 election and Jan 6th showed otherwise. --- The overlap between Linux daily drivers and "voters who can flip an election in California, NY, or <insert_state_here>" is nonexistent. This also appears to be a front-run at reducing the risk of an Australia-style regulation being proposed. Edit: can't reply > Europe realized this with their new infosec liability regulations European organizations (from private sectors to government agencies) sidestep this by contractually mandating SBOM and dependency requirements. You end up with the same result, but it's essentially regulated via contracts instead of the law. > Expecting volunteers to dump time into compliance is ridiculous. Not because they oppose the idea, but because huge swaths of the internet run on people doing something for free -- and they'll just do something else if governments begin threatening them That's a decision a lot of governments and organizations are fine with. OSS where maintainers are hired by sponsor organizations is already the norm, and government-backed OSS is becoming increasingly common in the EU and much of Asia. Hobbyists who don't wish to comply can region gate within their license - that solves your liability risk and will keep regulators happy. |
> You don't have to support
This isn't just a kernel thing. Expecting volunteers to dump time into compliance is ridiculous. Not because they oppose the idea, but because huge swaths of the internet run on people doing something for free -- and they'll just do something else if governments begin threatening them.
Europe realized this with their new infosec liability regulations. If you're giving your labor away, you're not liable for your software; if you're making money off your software, step up and do better. Maybe California and the others should learn more from the EU.