The Council of the EU has adopted the #CRA Cyber Resilience Act yesterday. This will have huge consequences for everyone who ships hardware and software as a product. Almost no actual open source developers face direct regulation (for writing software), but the users of our open source software very much do. The CRA notably suggests that commercial users pony up for improved open source security attestation. It is a big act, but it offers real possibilities for making better software! 1/2