So, if you don't run applications, does this matter? Also, enforcement is by the CA attorney general, so random people can't go after you.

"Operating system provider" is defined, but that's kinda useless unless "operating system" is defined first.

(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

Also, where does anything in the CA bill mandate age verification? It's saying the OS needs to prompt for age bracket info and allow the third party apps to query that. That is far different from verification.

- Does such prohibition has any legal force at all? Does it do anything to prevent responsibility according to the bill? Wouldn't just saying "CA/CO have zero jurisdiction over us, get screwed" be a saner choice (of course it would be better if the project wouldn't host on M$'s servers).

- The main project license is GPLv3. GPLv3 clearly has no provisions to introduce arbitrary prohibitions into the license without losing compatibility. But they still keep GPLv3 LICENSE.txt, which is problematic in itself - if LICENSE.txt says one thing and LEGAL-NOTICE.txt another, the conclusion might be that no license applies so no one may use the software at all!

- If they are reusing any GPL software that they don't hold copyright on, they might be or might not be in violation (would need a real lawyer to say if that's the case or not).

And on the actual matter of things, it's really sad to see California to be on the front line of this crap (this screams ageism). And, dear "adults", screw your parental authority so much. Whatever skills I've gained before the university I've done against an explicit parental prohibition. This is what I live off now. Screw you all.

Seems to violate the open source definition paragraph 5, no?

> That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure

This seems like an over reaction because of a simple date field

Because if so, that seems a lot more sensible than the online crap where you need to give ID or something. I remember someone suggesting requiring an `X-User-Age` header, and having adults responsible for having their children's account setup with their age, which this proposal seems to be more in line with.

From some of the other responses people seem against this proposal, am I missing something? (I only briefly skimmed the links) Is there some kind of attestation/ID required when the age is input?

This law hasn't even passed

Regardless of the technical details of the law(s), the devs are sensibly refusing to prompt for age on a fricking calculator.

Hopefully Linux distros get on board with this and announce non-CA/CO compliance as policy.

> 1798.500. For the purposes of this title:

> (i) “User” means a child that is the primary user of the device.

Child is defined:

> (d) “Child” means a natural person who is under 18 years of age.

But that means this is impossible:

> (b) (4) Whether the user is at least 18 years of age.

It's yet another surface that totalitarian parental control has crept into, and it's a serious problem. Young people kept strictly within the iron grip of their guardians generally aren't the ones who become happy actualized all-star adults.

Obviously there should be some limits on what teenagers and children can access, it shouldn't be entirely free reign, but robbing them of space to bend the rules severely limits their potential for growth and incurs a strong risk of extinguishing their spark.

There's no further elaboration on what age signals are preferred, so my assumption is that a DoB field in the user profile and a system service to request the age bucket is good enough. It's absolutely silly, but DB48X could implement that.

There's a related question of who is actually liable under this law - it seems written to target just Apple, Google, and Microsoft; and it only makes sense in the context of consumer electronics. Like, how does this work with enterprise systems? Servers? Is IBM going to have to rush out a patch for z/VM to ask the system administrator what their date of birth is?

I strongly encourage the EFF to sue the FSF over not shipping age verification in Emacs, since in every respect Emacs fits these criteria; it is a computer environment that avid users can reside fully within to operate their system, and its publisher operates a directory+repository system at https://elpa.gnu.org. I think that both organizations would be excited to pursue that lawsuit pro bono, since it would evidence such significant flaws in the law that it might be struck by the court.

Incidentally, this likely also implicates Tesla and BMW as not requiring age verification before allowing users to download updates containing new pay-to-unlock applications from their vehicles’ in-app purchase marketplaces. I’m sure they would both be happy to help overturn this law once implicated in violating it.

Developers are not lawyers, so they cannot be expected to know every subtle detail of the law, and not how these laws are then interpreted (in a often non-logical way) by courts.

They are not a covered application store, but they are an operating system provider, so the law does apply to them.