Newbie question on code vetting

Edward Elliott nobody at 127.0.0.1
Thu May 4 14:43:15 EDT 2006


william.boquist at gte.net wrote:
> I agree with your point, which is why I asked the question. Risk cannot be
> eliminated, but it can be understood and managed so that useful work can
> still be done. If there is any way I can find out what the committers do
> prior to reaching a decision to accept or reject a particular submission,
> I would like to know about it.

If committers make no checks on submitted code, that doesn't have to be an
automatic showstopper, even for a risk-averse company.  How many of the
alternatives perform more stringent checks on their code?  How much
misappropriated code is floating around in closed commercial products,
where the privacy of the source may encourage more liberal borrowing? 
Anyone can say they check their IP, but how many organizations put their
money where their mouth is and provide indemnity?  How visible will your
company and your Python projects be?

You can always try to make the case that even without IP checks Python makes
your company 1) no more vulnerable than the other software they already
rely on, and 2) unlikely to be targeted for their use anyway.  And if you
can show the financial gains from using it are higher than the potential
liability, you're golden.



