|
|
Boost : |
From: David Abrahams (dave_at_[hidden])
Date: 2004-08-17 14:00:37
"John Maddock" <john_at_[hidden]> writes:
>> > Another permission for our records:
>>
>> Speaking of "records", what mechanism are we using to keep track of
>> these?
>>
>> Also, blanket-permission.txt is reasonably reliable, since ssh
>> connections are secure. Email is less-so, since it can be spoofed. I
>> hate to suggest this, but perhaps it would be best to ask those
>> without CVS access to mail a signed note, just to be sure. I can't
>> think of another mechanism that has legal verifiability. I'm going
>> to have lunch with Boost's lawyer today, so I can ask him about it.
>
> Uh, yes I know what you're getting at, I just don't want the bar set so high
> that no one replies. So far I've been forwarding to the list any
> permissions that have come back to myself or to boost-owner, and then adding
> the permissions to blanket-permission.txt.
>
> The problem we have is not everyone we need to contact has cvs access, or is
> even still subscribed to the list.
>
> We also don't do any more than look at someone email address, when accepting
> contributions to boost in the first place, do we? Of course maybe we
> should...
The lawyer is satisfied that in practice what we're doing is fine, so
we don't have to worry ;-)
-- Dave Abrahams Boost Consulting http://www.boost-consulting.com
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk