Podcast: Chaos Computer Club - recent events feed
Episode: Is NixOS ready for the CRA? (nixcon2025)
Description: The Cyber Resilience Act (CRA) is the EU's most important regulation for software in the last decade. While it makes an exception for open-source software and doesn't impact NixOS directly, any commercial product that includes NixOS has to comply with the CRA to be offered in the EU.
In this talk, we give insights into the CRA's requirements, showcase that Nix tooling with its focus on reproducibility is very well positioned for compliance, and point out the unsolved shortcomings. We focus on the update mechanism, SBOM tooling (together with matching CVEs from vulnerability mechanisms), and support durations.
about this event: ht...