The EU Open Source Strategy
Overall Funding Strategy and Bureaucracy
- Many see the “strategy” as vague, high-level rhetoric without clear, concrete actions, budgets, or timelines.
- Strong criticism that EU funding patterns favor large consortia, research institutes, and “fund-sucking” intermediaries over small core OSS projects and individual maintainers.
- Some argue this is a structural consequence of EU state-aid / market rules: the EU is designed as a neoliberal institution that cannot directly fund strategic development the way e.g. China or even the US sometimes can.
- A few point to exceptions (e.g. NLnet-style grants) as proof that smaller, impactful FOSS projects can be funded, but others see even those as insufficient or still too indirect.
Government Adoption of Existing Open Source
- Strong desire for EU/public administrations to actually use existing open-source alternatives instead of defaulting to Microsoft/Google clouds.
- Current “open by default unless justified otherwise” rules are seen as easily bypassed with boilerplate justifications.
- UX and polish of many FOSS collaboration tools (Nextcloud, Matrix, etc.) are perceived as inferior to commercial suites, limiting uptake despite some promising national projects (Dutch “mijn-bureau-infra”, French “La Suite Numérique”).
- Commenters want procurement reform and open-source–friendly tenders, but note these ideas remain mostly buzzwords in policy texts.
Linux Desktop, Security, and Digital Sovereignty
- Debate over whether GNU/Linux desktops are suitable for public-sector use:
  - One side: no mainstream distro currently meets high-end security requirements (weak intra-host isolation, easy privilege escalation, poor persistence controls). macOS is praised on integrity and hardening, though politically undesirable.
  - Other side: enterprise Linux (e.g. SUSE/Red Hat) is “secure enough” and likely at least no worse than typical Windows deployments; security weaknesses are solvable with investment.
- Several suggest the EU should fund a hardened, sovereign OS/distro (possibly Linux- or BSD-based), but there is disagreement on ROI vs. first replacing cloud/email/groupware dependencies.
- Broader recognition that Linux desktop demand among average users is very low; hardware availability and consumer value proposition remain major obstacles.
Liability, CRA, and Product Safety Rules
- New rules (Cyber Resilience Act, Product Liability Directive) are a major flashpoint:
  - Non-commercial OSS is generally exempt, but once integrated into a commercial product, the company is liable for defects and security failures in those OSS components.
  - Some see this as entirely reasonable: if you profit from shipping a product, you should stand behind all of it, regardless of where the code comes from.
  - Others fear it will chill commercial participation in OSS, make freelancing around OSS riskier, and discourage reuse due to disproportionate liability vs. profit.
- Related concerns that treating “failure to patch” or exploitable bugs as legally defined “defects” raises compliance costs, but supporters argue this merely enforces basic responsibility.
Perceptions of EU Tech Policy, Regulation, and UX
- Thread is highly polarized:
  - Critics say EU tech policy has “destroyed goodwill” through regulations that degrade UX (cookie banners, consent dialogs, app-store DMA outcomes), and that the Commission is captured by lobbyists and bureaucracy.
  - Defenders counter that many regulations have tangible benefits: GDPR, roaming abolition, USB‑C standardization, right-to-repair, passenger rights, consumer guarantees, food and product safety. They argue poor UX is largely malicious compliance by firms, not required by the law.
- Some note US/Big Tech media and lobbying strongly attack EU initiatives, possibly shaping the overwhelmingly negative online discourse.
- Others insist the EU often overreaches or mis-specifies rules (e.g., messaging interoperability, DMA app-store changes), creating perverse incentives and complexity.
Encryption and Lawful Access
- Parallel EU initiatives around “lawful and effective access” to encrypted data raise fears that the same institutions promoting open source are also seeking de facto encryption backdoors.
- Language in official texts is viewed as euphemistic, and commenters are skeptical any “backdoor” can coexist with genuine security.
Alternative Proposals and Miscellaneous Points
- Suggestions include: fork Android as an EU platform, build an EU-controlled OS stack, or focus manufacturing policy on older, proven semiconductor nodes for resilience.
- Some cynically see the whole strategy as “virtue signaling” or a political popularity play; others view it as a weak but still meaningful step toward digital sovereignty.