The Deletion of Docker.io/Bitnami

(community.broadcom.com)
329 points zdkaster | 2 comments
niemandhier ◴[] No.45049453[source]
In the end, they have to do it because of the CSR, and they can do it because of the CSR.

The European Union Cyber Residence Act has the potential to drastically change the open source ecosystem.

The new regulation pushes the due diligence for security according to the Act towards any entity making a commercial offer based on open source software.

Caveat emptor!

For any enterprise, that means that they either do extensive documentation and security on open source components they use or they use foundation or enterprise-backed products.

Note that pure uncommercial open source projects are exempt from the Act.

I see this as a chance; we can still create open and free software, and those of us who desire financial compensation from those who make money with their work can offer a necessary compliance framework as a service via a different entity.

replies(2): >>45049966 #>>45050011 #
1. tecleandor ◴[] No.45050011[source]
They don't have to. They can do the paid secure images for the commercial offerings and keep the other ones free. Or they could free the secure images for everyone if they feel like that.
replies(1): >>45050227 #
2. rcxdude ◴[] No.45050227[source]
Hmmmm, I'm not sure that's how it would be read. If there's any 'associated commercial activity', it falls under the CSR, even if the images themselves are free and open source.

(That said, the overhead of the CSR is really not much, from what I can tell. It's pretty lightweight as EU standards go)