emma

emma wrote

my thoughts on this are:

google and their ilk want posting code on the internet to incur legal obligations for the author to maintain that code to their standards. it used to be that software companies bought the tools they used, but now they all sip from pools of poo water such as npm. so to bring up the standards of the software they voluntarily download and embed into their products, they want the authors to be legally obliged to maintain the software to some standard, and if they do not, then they want a name they can sue. this is why google is trying to get a foothold into open source projects, why there's such a big focus on so-called software bill of materials and "securing" the so-called supply chain, why the eu is trying to enshrine these kinds of obligations into law with the so-called cyber resilience act (the linux foundation speculates that accepting seemingly well-meaning donations from companies could make you a "software manufacturer" under the cra), and why these real name policies are a thing.

5