this post was submitted on 15 Aug 2023
Open Source
I wonder: if I am developing an app for Lemmy and I am based in the EU, am I obligated to get an external vulnerability audit done, or pay a 15 million euro fine, since I am working for a corporate with a full-time job?
Without having read any part of this act I'd assume you having a job and you developing an open source app are two separate things unless your job involves developing that open source app.
The number of responses here saying they haven't read up on it but...
I read several different drafts I could find since writing that comment, and although it's all written somewhat vaguely in general, OP's point isn't in any draft I read.
Well, if I am developing a product and I work for a corp, or if my project is getting donations from a corp, it will be considered a commercial project; it does not need me to be working on that product as part of my work!!
No, those are separate. It's about open source projects that have developers working on them in their free time (not getting paid for it) and developers who get paid for it. You having a job as a software developer and working on a project outside your work time doesn't make it a "commercial activity".
Just read the act then! It keeps it vague enough that a person working in their free time will be considered a commercial product.
Please watch the video above!
What's the gist? I hate video articles
Basically, a FOSS product is not exempted if an employee (does not need to be a tech employee) contributes to a FOSS prod, or if a company donates to them! So even npm packages by individual coders who are employed, say, by Domino's need to take an audit and deliver vulnerability-free code.