Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nixpkgs might be affected by "REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL" #51

Open
Mic92 opened this issue Dec 28, 2024 · 8 comments
Open

Nixpkgs might be affected by "REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL" #51

Mic92 opened this issue Dec 28, 2024 · 8 comments

Comments

@Mic92
Copy link
Member

Mic92 commented Dec 28, 2024
edited
Loading

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52022PC0209&qid=1735389305511

Article 6

Obligations for software application stores

 1.Providers of software application stores shall:

(a)make reasonable efforts to assess, where possible together with the providers of software applications, whether each service offered through the software applications that they intermediate presents a risk of being used for the purpose of the solicitation of children;

(b)take reasonable measures to prevent child users from accessing the software applications in relation to which they have identified a significant risk of use of the service concerned for the purpose of the solicitation of children;

(c)take the necessary age verification and age assessment measures to reliably identify child users on their services, enabling them to take the measures referred to in point (b).

2.In assessing the risk referred to in paragraph 1, the provider shall take into account all the available information, including the results of the risk assessment conducted or updated pursuant to Article 3.

3.Providers of software application stores shall make publicly available information describing the process and criteria used to assess the risk and describing the measures referred to in paragraph 1. That description shall not include information that may reduce the effectiveness of the assessment of those measures.

4.The Commission, in cooperation with Coordinating Authorities and the EU Centre and after having conducted a public consultation, may issue guidelines on the application of paragraphs 1, 2 and 3, having due regard in particular to relevant technological developments and to the manners in which the services covered by those provisions are offered and used.

TL;DR:

We would need to add age verification to NixOS and review our 80K packages if they need to be age restricted. This is a problem because we don't have any accounts, so this is technically not feasible.
@Mic92
Copy link
Member Author

Mic92 commented Dec 28, 2024

The law is currently a draft since 2022. However Germany has a government change next year, which might lead to this law to be approved.

@Mic92
Copy link
Member Author

Mic92 commented Dec 28, 2024

There is currently no exception made for open source. This means the NixOS foundation would be liable and could receive penalty.

@Mic92
Copy link
Member Author

Mic92 commented Dec 29, 2024

@drupol are you not closer to the parliament?

@drupol
Copy link

drupol commented Dec 30, 2024

No, unfortunately. I'll see if I can get some people to check this out.

@spiage
Copy link

spiage commented Jan 12, 2025

‘software application stores’ means a type of online intermediation services, which is focused on software applications as the intermediated product or service;
‘software application’ means any digital product or service that runs on an operating system;

nixpkgs is the packages build/compilation and installation definition source code repository, not the digital 'software application'...
Am I wrong?

@voronind-com
Copy link

‘software application stores’ means a type of online intermediation services, which is focused on software applications as the intermediated product or service;
‘software application’ means any digital product or service that runs on an operating system;

nixpkgs is the packages build/compilation and installation definition source code repository, not the digital 'software application'... Am I wrong?

Then the cache is?

@jtojnar
Copy link
Member

jtojnar commented Jan 17, 2025

nixpkgs is the packages build/compilation and installation definition source code repository, not the digital 'software application'...

Many/most of the packages in Nixpkgs are software applications. And Nixpkgs is indeed an online service that intermediates those. So I would not say there is a material difference between Nixpkgs and e.g. Google Play Store according to that definition.

Our best hope would be that this would only target gatekeepers but I do not see that mentioned in CSAR or in the original definition in Section I, Article 2 of Digital Markets Act.

However, apparently, the proposal has been withdrawn for now: https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Combat_Child_Sexual_Abuse#Legislative_process

But we will still probably want to keep monitoring and coordinate with other distros when it gets back in discussion.

@Mic92
Copy link
Member Author

Mic92 commented Jan 17, 2025
edited
Loading

The issue is that it might be used by lobbyist of proprietary operating system to keep Linux distributions out of public environments such as schools because of missing age filter infrastructure. Even if the laws itself have not been tested in court.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Mic92 @drupol @jtojnar @voronind-com @spiage