This is exactly the commercial activity, yes. You are putting the open-source software on the market in this case. And yes, you will be obliged to provide security fixes and generally comply with other requirements. Otherwise no-one will want to use your software and pay you for it. You will have to factor in the cost of doing it in your prices.
But if you donate your software to an open-source foundation with good and vendor-neutral governance and THEY will release the software, not you (i.e. put the software on the market), then you can earn money as much as you want.
That summarizes your sense of alarm and urgency, I think!
For those outside the EU, regulations are normal in the EU when offering commercial products or services. For example, in the US, businesses are self-regulated with assistance from government institutions. There's nothing new here, just a bit of standardization. And I'm not a lawyer either!
That's fine, it's the intent to make a profit. profit != revenue. You really should read the article I linked to in this thread. It will go over all of your cases.
I did, and I remain confused by several points, including jurisdiction, and exactly what counts as commercial. That's why I kept asking. I did read the article.
Does it make a difference if my clients are in the US rather than Europe? Or what if I'm not actually using this open source software with those clients at all, but they were attracted to me because my GitHub profile looks like bathroom tiles? It is VERY UNCLEAR what constitutes "making a profit" or "putting software on the market" here.
That's your idea of beneficial? That sole programmers can't release any of their own software any more, and we have to release every tiny thing through some sort of buffer organization??
Yes. It's beneficial for end users. They will have more secure software, because those who won't be able to patch it or won't decide to let others take care of good processes and governance will go out of business.
It's not "buffer" - it's the governance, vendor neutrality, promise to keep the software updated and secure even if you personally got hit by the bus tomorrow.
Yes. It's not good for some companies and people. But good for society in general.
My question is, what do they mean by "market"? My everyday person's understanding is that a market is a place where people buy and sell stuff. If you put something out into the world for anyone to use and don't expect anything in return, I don't see how that is "putting it on a market".
I think everyone is overthinking it, especially those not used to being in a country with any regulation.
Basically, if you are effectively selling a license to use your software within the EU, then that's basically what they mean by putting it in the market.
If you are just being paid to maintain it or provide support, then since it isn't licensed you won't be covered.
And of course if the code isn't licensed within EU jurisdiction you will be fine.
So effectively think of it like this:
Python doesn't sell a license for its code so it wouldn't be covered.
SAAS companies also don't sell a license for their code so they wouldn't be covered.
Red Hat sell a license for the maintained version of their packages such as Linux so they would be covered.
Google builds many open source projects; their libraries wouldn't be covered normally since they don't sell you a license, however their libraries are part of their products which they do effectively license to end users. Meaning they are obligated for this reason.
Essentially do you have a commercial arrangement with a customer within the EU that makes you obligated to maintain their installation of your code. Not just a sponsorship to update the source code, not just consultancy on how to use the core but a direct and clearly defined obligation
Just like how GDPR and WEPP work. Just because a company uses your services doesn't make you automatically obligated.
This enormous sidebar strikes me as a little unfair to the OP, who has wanted to talk about a pretty different subject matter.
I'm seeing appeals to authority ("people smarter than me"), and I'll just note that the moment I see that, I lose a significant amount of trust for the speaker. There's a big difference between deferring gracefully to the knowledge of experts and answering an expert opinion with a vague hand wave.
For 99% of developers, there's no need to worry about new government standards until they actually materialize, but I am not really going to try to convince anyone who has already decided otherwise.
Everyone, this discussion is now firmly off-topic. Unless there's anything else to be added to the issue of LTS/extended support [1], let's move the remaining discussion elsewhere.
It seems to me that your assertion is based on what I see as a flawed comparison to the maintenance and ongoing support of operating systems in a commercial context.
Generally speaking LTS releases with many years of support require a sizable sustaining engineering department to pull off because there are huge amounts of effort spent back porting critical fixes and generally dragging that antediluvian version forward in time to match the challenges of the current day.
This feels like a mismatch with the reality of the CPython core team to me, much less as many have cited, the small army of library maintainers already struggling to support the current limited support version matrix.