Tweaks on regulatory policy #27

@david-a-wheeler


Hi, here are a few quick comments on this page:
https://github.com/w3c-cg/swag/blob/main/docs/regulatory_policy.md

The word controling should be controlling.

It says:

The CRA may apply if your web site or web app is integrated into a packaged application - for example, if it appears in a web view.

I think the "for example" text will confuse many. I think this would be a better example:

for example, if your web app is converted into an Electron app and sold as a desktop application, then it would be considered a product under the CRA.

Currently the text says:

Open source library developers, if they expect that their libraries may be used by those developing PDEs, should consider how their software is "stewarded" and especially how they recveive and respond to security vulnerability reports.

OSS does not HAVE to have a steward under the CRA, which I presume is what you're hinting at by "stewarded". The CRA doesn't use the verb form "stewarded" anyway, it only uses the noun form. I suggest avoiding the verb form as confusing.

I'd rewrite this as:

Open source library developers, if they expect that their libraries may be used by those developing PDEs, should clearly state how to send vulnerability reports, and prepare to receive and respond to those security vulnerability reports. An OSS project does not have to have a "steward" under the CRA, but OSS developers of widely-used or important programs may want to identify and establish a steward for it.

Change "havea" to "have a".

I hope these comments help!