toggle quoted messageShow quoted text
Probably just to prevent some misunderstanding or unnecessary fears:
The law, Dirk referred to, will be effective from 2023. Then it addresses companies with >3000 employees, from 2024 it will also address companies >1000 employees.
The focus is on human rights, it comprises direct as well as indirect suppliers - so this would not make much of a difference. But the requirements depend on several factors, one of them is the impact that the consuming company can have on the
particular "violating supplier company".
The „violation“ is not based on blacklisted countries! The „violation“ has to happen - systematically - within the particular supplier (direct or indirect) organisation. (e.g. coding kiddies, 20hrs a day in the dark and wet basement of the software
provider might qualify)
I guess someone capable of contributing to open source, in general does not qualify for such a sort of „abuse“. ;-)
Mit freundlichem Gruß / kind regards
T: +49 69 153 22 77 55
F: +49 69 153 22 77 51
That is a brilliant question. I would add to this that consideration of open source projects in general have many contributors. Would that make a company contributing to the code-base “that may include individual contributors who reside in countries designated
on the violators list” at risk? Remember that there is no requirement to vet contributions by nationality or residency? This is a question that really requires a Legal opinion and perhaps a change to German law clarifying this.
Sent via carrier pigeon
On Jul 1, 2021, at 7:32 AM, Dirk Riehle <dirk@...> wrote:
On 01.07.21 13:35, Carlo Piana wrote:
I guess a German Lawyer should reply.
In general terms, as I have been pondering it on other accounts, I would suggest that making FOSS generally available does not qualify as a supplier relationship. One needs to have a development agreement or a support agreement for that. This could also include
developing FOSS to be given at large.
It is also my guess that you need an explicit supply contract to establish the supplier relationship formally.
If you do it within a holding company (inner source) that formal relationship is established automatically, even if you don't put something down in writing. In open source, this is not the case AFAIK.
Morally, and the thrust of the law is a moral one, in-kind compensation or just the dependency still might create public backlash.
Confused about open source?
Get clarity through https://bayave.com/training
Website: https://dirkriehle.com - Twitter: @dirkriehle
Ph (DE): +49-157-8153-4150 - Ph (US): +1-650-450-8550