Hi,

* Pirate Praveen <prav...@onenetbeyond.org> [2025-03-11 18:52]:
> I think in previous discussions, it was suggested to pay for a proper legal opinion, maybe from SFC or SFLC. I think this would be a good use of Debian's money.

That depends on your expectations. Making any process legally bulletproof is like fixing all the security vulnerabilities in a software package.

> With a proper legal opinion, we will be in a much better position to evaluate changes to these processes.

It would be interesting to know if we are currently overspending or underspending on risk mitigation (in terms of time and money). A legal opinion will be helpful to inform our discussion, but it will not be a substitute for consensus on our collective risk appetite, i.e., how much legal exposure we deem acceptable for Getting Things Done.

Cheers
Timo

-- 
Timo Röhling
9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA