Thanks for this video. This had not been on my radar before.
It seems like this could be really bad. Will keep an eye out for future development.
You're welcome, let's keep watching.
I sent an email to Nicola Danti to try to do my part and avoid damage from uninformed politicians. Thank you.
Thank you for getting involved in the cause and trying to inform politicians, we must all do our part to avoid a potential tragedy.
It's hard to evaluate the nature of this CRA, because I don't understand exactly what is their strategy, what are its definitions of security, and how exactly they plan to enforce this so-called security. EU many times harmed us when wetting their dirty hands into people's businesses. I say, leave us alone. We do not need bullies taking care of our security.
The law seems to have good intentions, but I think they think that everyone is going to be able to carry out these certifications, and that is something that many projects cannot afford...
Can't speak on FOSS as a whole, but for Game Devs this only really affects you if you are running online games, or games with ads (which often requires internet). Systems that are easily exploitable and therefore a risk to the whole thing. Godot doesn't "need" internet access to work so the biggest risk would be download vectors and IMO enforcing that kind of security is a good thing, 'cause it's kind of bare minimum, "making sure ppl don't download malware when downloading your software".
As I explain in the video, given the current draft, both Godot and most games would probably fall into the category of elements with little risk, which would require a security self-assessment, documentation of different types, etc.
@@DavidSerranoIO I watched the video, my comment was added context for those who may not have understood on a personal level. What you said in the video and your comment is very broad and doesn't provide insight into the "how" they might be affected. Sorry if that was unclear in my first comment.
@@elsolem Okay, I apologize if my comment bothered you. Yes, what I'm talking about is quite broad...given that it is what is in the current draft. We'll have to wait to see how it plays out. In any case, thanks for providing more context 👍
I'll just wait for FOSS channels that do provide a bigger view and perspective of what's going on. There are already few videos of this EU law already, and from what I've seen so far, it's going to be a detriment to the FOSS community.
Taking into account the potential to damage the FOSS ecosystem, I also don't understand why this is not being talked about more. In any case, let's remember that what we have now is a draft, there is still hope 🤞
What is FOSS?
@@rmt3589 It's "Free and Open-Source Software"
Hey David, do you know if there are signature collections going on?
It might be too early for that since everything can still change (hopefully)..
I am really worried for Linux and a bit about the devs responsibilities when selling a game.
There are already several organizations that have raised their concerns with European politicians, you can see more information here: linuxfoundation.eu/cyber-resilience-act
I will likely just block EU and leave a note for people from the EU not to buy. Then cite the law.
- Is your game certified for selling in EU?
- No
- Pay us 1000$ and we will do that for you!
- No
- Then your game can't be sold in EU!
- Unless I would make 1mil$, I'm fine with that ;-)
It's not that easy, open-source cannot simply be "blocked" and pretend that it remains open-source. According to the accepted definition, open-source cannot discriminate against people or groups, so its use could not be "banned" in Europe, at least not without modifying the accepted meaning... (point 5: opensource.org/osd/)
I wish it were only $1000 🙂 Unfortunately, I'm afraid these audits are probably going to cost several times that amount.
I think the definition of open source is grey at best. Just because something is open source doesn't give everyone the freedom to do whatever they want with it or use it how they please. There are different licenses that can be imposed in open source software and EULAs that have to be adhered to. Sure, we probably can't ban open source software but you can probably update a EULA to say that people who use the software are the ones responsible for whatever happens with the software wherever they decide to distribute it. Or something like that.
@@americoperez810 All open-source licenses already contain the clause you mention. However, here what we are talking about is a law that will be above any open-source license. In other words: no matter what is written on the license, the law is going to prevail.
Don't worry, there is the cave game engine and upge engine; if Godot fails there are still others.
EU is 50 years too late, Richard Stallman already solved most of the security issues by introducing the GP License. EU can shove somewhere their dirty hands and leave us alone in freedom and peace.
it's a good law in my books, but I'm not smart enough to see the good and bad 😢
The TL;DR would be that this law attempts to increase cybersecurity standards for digital products and software, which is a positive thing. However, given the level of responsibility it imposes, many FOSS projects may not have sufficient capital to pay for the external certification that will be necessary, which could seriously jeopardize their continuity.
Indie devs the vast VAST majority of time can barely finish their games, now you force them to spend an unholy amount of time and effort on security too (that may not even be needed), that will make things a lot harder. And this is IF they even have the knowledge to do it themselves, because considering paying someone else is a way bigger problem.
It's the same level of thinking of Facebook being okay (and promoting) the government to regulate social media, because they know they would be one of the few platforms that have enough money to comply with what's required.
This feels like it's either another law being made by old people that don't even know how to turn on a computer or it's big game companies making a move to reduce the number of indie games on the market because people are buying those games made with passion instead of their triple AAA gacha/woke/buggy garbage game.
Nothingburger. Self-assessment, lmao. Okay, I've assessed my game. It's safe. Done.
Yes well...don't forget to write all the relevant documentation and make it available to your users 😅