Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [eclipse.org-committers] eSignature via HelloSign, was: Committers Agreement Open Ended

We are indeed using HelloSign to provide a secure and legally binding eSignature experience for the Eclipse Committer and Contributor Agreement updates.  These email communications will originate from Eclipse Foundation <noreply@xxxxxxxxxxxxxxxxxx>.

We understand HelloSign uses Bank-Grade Security to keep documents safe and secure.  HelloSign’s documents are protected behind a firewall and authenticated against the sender’s session every time a request for that document is made.  The entire site is https.  All communications use SSL encryption and all data are stored in a SAS-70 certified data centre.  More information on HelloSign's security can be read here [1].

Should anyone in the community truly have a requirement to update their agreement outside of HelloSign, please send a request to emo-records@xxxxxxxxxxx and we will work with you to provide options.

[1] https://www.hellosign.com/legal/security


Regards,
Sharon 




On Mon, Feb 25, 2019 at 8:47 AM Ed Willink <ed@xxxxxxxxxxxxx> wrote:
Hi

I complained about this privately.

Denis Roy conceded that I had a point in expecting that a trusted
institution such as www.eclipse.org should propagate the trust to any
subcontract such as hellosign by exploiting its service as

www.eclipse.org/.../hellosign/...

thereby assuring us that the EF has verified that hellosign is providing
a service that the EF has assessed. Allowing noreply@xxxxxxxxxxxxxxxxxx
to provide an unexpected invitation to transact Eclipse business at e.g.
hellosign/.../eclipse/.. is IMHO unacceptable since how can we really
tell that we are not being redirected to a variant of

trojans.r.us/.../eclipse/....

     Regards

         Ed Willink

On 24/02/2019 13:36, Mykola Nikishov wrote:
> Michael Keppler <Michael.Keppler@xxxxxx> writes:
>
>> Also, if future changes (which we are surely notified about) turn out
>> to be bad, you can still just turn down committer status at that point
>> of time, right?
> Up to this point it was fine - as an individual contributor, I've signed
> the contributor agreement with a party I trust but, at the same time,
> our agreement has quite a limited scope so that I do not expect some
> legal quirks to backfire at me in areas unrelated to the agreement.
>
> Now, there is a 3-rd party, HelloSign (a DropBox company), that would
> provide legally binding eSignature on my behalf:
>
> --8<---------------cut here---------------start------------->8---
> From: Eclipse Foundation <noreply@xxxxxxxxxxxxxxxxxx>
> Subject: Reminder: IMPORTANT: Action Required - Update Required to your Eclipse Individual Committer Agreement is awaiting your signature
> Date: Fri, 22 Feb 2019 20:13:28 +0000
> Reply-To: HelloSign <noreply@xxxxxxxxxxxxx>
>
> Eclipse Foundation is awaiting your signature
>
> [...]
>
> To simplify this process, we are using HelloSign [1] to provide a
> secure and legally binding eSignature experience for the exercise.
>
> [1] https://www.hellosign.com/
> --8<---------------cut here---------------end--------------->8---
>
> It claims to reduce the amount of paperwork required from committers but
> it does not, quite the opposite.
>
> First, it brings in a new party that, by default, I do not trust in
> providing legally binding signature on my behalf.
>
> Second, to retain my Eclipse Individual Committer status, I have to find
> a local layer that is professional enough to give a legal advice on
> conventional/electronic signatures at the intersection of international
> and local laws of:
>
> - the State of California, USA
> - Ottawa, Ontario, Canada
> - un-named non-EU country
>
> [2] https://twitter.com/manandbytes/status/1099053820007469056
>
>> Ciao, Michael
>>
>> PS: Of course, this is not legal advice.

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

_______________________________________________
eclipse.org-committers mailing list
eclipse.org-committers@xxxxxxxxxxx
https://www.eclipse.org/mailman/listinfo/eclipse.org-committers

IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation.  To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.

Back to the top