wlandau
commented
2 days ago More information from Terry Christiani, Director of the R Consortium:
Here is a link to the EU Cyber Resilience Act fact sheet: https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act-factsheet
The Linux Foundation is working to finalize a process for "Software Stewards" (a distinct class of software distributors that are open source - not commercial software distributors) to ensure that our repositories and mirrors are meeting the law's requirements and we can continue to distribute R packages after the law goes into effect in October of 2027.
I will continue to liaise with the LF and bring the recommendations back to the repositories group.
Lawrence will meet with R-Core and bring back their needs to the repositories group so we can all figure out how best the RC and our member sponsors can help support the work.
In today's R Repositories WG meeting, we discussed the new EU Cyber Resilience Act. The R Consortium and Linux Foundation are working on specific requirements for software stewards such as maintainers of CRAN, Bioconductor, and R-multiverse to ensure compliance. Apparently, the requirements will center on (1) transparency about processes, and (2) prevention of malware. All R package repositories will apparently need to comply by October 2027 or else they will not be able to distribute packages in the EU.