Talk:Cyber Resilience Act

From Wikipedia, the free encyclopedia

Cyber Auditors

I have read that the CRA will require lots of cyber auditors, but currently there are very few and no standards which they should follow. This means that in the short to medium term there is a high risk that audits required by the CRA will become a significant bottleneck in the industry. AndrewA (talk) 19:48, 19 July 2023 (UTC)

Please add the current status

What this article lacks is the current status of the Cyber Resilience Act. In particular, the status should include the roadmap - the list of steps which need to be taken before the act can enter into force. --134.191.196.171 (talk) 14:55, 14 September 2023 (UTC)

The current status is listed in the infobox on the top right as "Proposed". Indeed, a legislative roadmap would be useful, should one exist. Regarding terminology, in some countries, a "proposed Act" is instead known as a "Bill", which lessens the chances for confusion. RobbieIanMorrison (talk) 19:49, 11 October 2023 (UTC)

Wiki Education assignment: Cybersecurity Policy

This article was the subject of a Wiki Education Foundation-supported course assignment, between 8 January 2024 and 30 April 2024. Further details are available on the course page. Student editor(s): Sec64422 (article contribs). Peer reviewers: Mesaydmesay.

— Assignment last updated by MrLavoie (talk) 00:46, 20 February 2024 (UTC)

Criticism of the regulation

Since there seems to have been an edit dispute (I only accidentally reverted it the 2nd time however, my bad, the wiki UI for some reason didn't make me aware) there were at least two parties, one of which is also the source listed as the main quote of the "praise", that also criticized the regulation. I think it makes sense to keep this in the opening section since 1. the criticism seems substantial, and 2. the OSI is not an unimportant actor and Debian probably isn't either, and 3. there actually aren't that many sources for the praise listed either, and 4. otherwise the opening text kind of just sounds like all disaster was perfectly averted and there's nothing to see here, basically, which seems unbalanced. I personally find it weird people would have to read two pages of article to find any mention of criticism of the supposedly fixed versions at all. Nevertheless, I have no interest in an edit war so I won't touch the article anymore regarding this point. 176.7.193.91 (talk) — Preceding undated comment added 03:40, 4 June 2024 (UTC)

Congratulations, you've discovered the Wikipedia:BOLD, revert, discuss cycle on your own! It takes a wise brain to do that. :) (Seriously!)
I'm not saying that the OSI and Debian are unimportant. I'm saying that Debian's position isn't shared and the OSI isn't actually supporting Debian's position.
On WP:DUE weight: When you oversimplify it, Wikipedia is basically an echo chamber of reliable sources. No other source repeats Debian's viewpoint. Basically all sources believe that crisis was averted, so that's basically what we report. It's not the quantity that matters; it's the percentage here.
On the OSI, again, they said that Debian's statement "gives cause for thought". This seems to just be speculation that this may not necessarily mean that there won't be bumps in the future, but it's not elaborated enough to present it as a concurrent viewpoint as you did.
IMO, the last sentence in the reception section is pretty prominent since it directly follows an indented part.
I'm going to sleep now. See you soon! Aaron Liu (talk) 03:50, 4 June 2024 (UTC)
Given there aren't that many sources for praises either with the praise still so prominently mentioned in the opening paragraph I just disagree that it's not worth mentioning given it seems like a substantial problem. And I think for clarity that mention needs to be somewhere after the explanation of that praised revision. Nevertheless, I don't care enough to go into more possibly disputing edits so I'll leave it up to you whether I convinced you or not. 176.7.193.91 (talk) 03:59, 4 June 2024 (UTC)
(Additional minor note: and OSI's "cause for thought" and "While it’s all much better [...] there are still challenges ahead" doesn't sound like crisis fully averted to me, like the opening sounds to me right now.) 176.7.193.91 (talk) 04:03, 4 June 2024 (UTC)

Regarding https://en.wikipedia.org/wiki/Cyber_Resilience_Act I still find your latest version ( https://en.wikipedia.org/w/index.php?title=Cyber_Resilience_Act&oldid=1227166951 ) suboptimal compared to before ( https://en.wikipedia.org/w/index.php?title=Cyber_Resilience_Act&oldid=1227166205 ). The problem I tried to solve, which still applies to your latest version, is that the opening section sounds like all criticism was averted with the later changes. To avoid this, the criticism in my opinion needs to be chronologically mentioned after the mention of the supposed fixes. This is what I tried to address in the latest edit of mine, also see my explanation here: https://en.wikipedia.org/wiki/Talk:Cyber_Resilience_Act#Criticism_of_the_regulation Nevertheless, I reverted your in-between edits by accident and don't want an edit war, so I won't touch it for now. But I think your latest attempt doesn't quite address this concern and I therefore personally think it's not ideal. 176.7.193.91 (talk) 03:46, 4 June 2024 (UTC)

Additional note: after some more thought I actually think that latest revision of the opening paragraph (edit: link for clarity https://en.wikipedia.org/w/index.php?title=Cyber_Resilience_Act&oldid=1227166951 ) is worse than not mentioning Debian's point at all, since it makes it sound like that criticism was then addressed with the praised revisions which seems like an incorrect timeline. Given the OSI's own statement doesn't seem as perfectly positive to me either, with mention of the challenges ahead etc., I just don't think the article's opening has a balanced tone without mentioning some apparently remaining criticism in at least one single sentence. It sounds to me a bit like some EU lobbyist patting themselves on their own back, if that makes sense. But maybe that's just me. 176.7.193.91 (talk) 04:07, 4 June 2024 (UTC)
5 sources are enough. The OSI only has paragraphs taking up just 1/6th of a mid-sized article. To say that there's substantial worry is simply lying IMO.
I also disagree that it sounds like Debian's concern was addressed. Debian criticized its effect on small businesses, relief was released at the exception for open-source. Aaron Liu (talk) 19:35, 4 June 2024 (UTC)
"To say that there's substantial worry is simply lying IMO." I was meaning on a factual level, not on how many people care or on some arbitrary scale on which source is somehow more important. It just seems like a factually substantial problem if it might kill a lot of small businesses in I assume an avoidable way. "I also disagree that it sounds like Debian's concern was addressed." I mean, I can see your point that it might be implied not to be due to small businesses vs open-source, but you're presenting it both in a reversed timeline to how it really happened, and in a reversed order as for how it would reinforce that the revisions and praise weren't related and didn't address it. I don't understand how that's an improvement over my previous revision on any level. It just seems to be more prone to being misread with no obvious gain. 176.7.193.91 (talk) 19:51, 4 June 2024 (UTC)
It's an improvement because it doesn't suggest that the opinion holds substantial weight right now. Articles, especially the lede, should only reflect popular viewpoints per WP:DUE.

a reversed timeline

The events are correctly presented in chronological order. Debian's statement was before the amendments. Aaron Liu (talk) 20:04, 4 June 2024 (UTC)
"It's an improvement because it doesn't suggest that the opinion holds substantial weight right now." That is fair on the wording, but doesn't make the order better. Debian's statement is from the 27th of December: https://bits.debian.org/2023/12/debian-statement-cyber-resillience-act.md.html The revised Cyber Resilience Act is from the 20th of December: https://data.consilium.europa.eu/doc/document/ST-17000-2023-INIT/EN/pdf (You can see it's the revised one since it's linked from here: https://opensource.org/blog/the-european-regulators-listened-to-the-open-source-communities ) So unless I'm missing something, the order is indeed reversed and as argued above I think it's purely worse than the correct order. Nevertheless, I appreciate you being open to talking about this, and I'll leave any further edits to you in case I managed to convince you on the order issue. I think the wording is fine. 176.7.193.91 (talk) 20:09, 4 June 2024 (UTC)
Okay, that does throw a wrench into everything... I've restored a version of your edit. Thanks! Aaron Liu (talk) 22:42, 4 June 2024 (UTC)
I like how it turned out. Well done, and thanks for the productive back and forth. 176.7.198.22 (talk) 07:07, 5 June 2024 (UTC)