Okay,
Now that we've got some legal structure set up I'm curious if we shouldn't start looking at things we can/can't/should/shoudn't do. Here's some ideas floating through my head, I'd love to know everyone's opinion on them:
- Domain name, should we transfer this to be in the group's name? Can we do it? Does SFC have a process for this?
- Trademarks, etc. on the Inkscape name/logo, "Draw Freely" and other such stuff. Do we think this is worthwhile? Can the SFC lawyers help us with this or do we need to find an outside firm?
- If we do the above, do we need to draft a little "fair use" document kinda like the one that Linus has for Linux(tm) (used without permission)?
- Swag. I don't know how Mental feels about it, but should we look at using his, or making another, Cafepress site that marks up the goods slightly to put monies into our coffers. It seems that people would rather buy something marked up than donate (or at least that's the only logic I can find to all the return address labels I get).
Okay, that's my dump. Thoughts? Ideas?
--Ted
On Tue, 10 Apr 2007 08:41:49 -0700, Ted Gould <ted@...1...> wrote:
- Domain name, should we transfer this to be in the group's name?
Yes.
Can we do it?
It should be possible.
Does SFC have a process for this?
Probably not -- it's likely one of those things we can/should handle ourselves.
- Trademarks, etc. on the Inkscape name/logo, "Draw Freely" and other
such stuff. Do we think this is worthwhile?
Yes, it's going to be an issue eventually, so it's best we cover our bases now.
Can the SFC lawyers help us with this or do we need to find an outside firm?
We'll need to ask.
- If we do the above, do we need to draft a little "fair use" document
kinda like the one that Linus has for Linux(tm) (used without permission)?
Yeah. Otherwise we have to be too anal about enforcing things on a case-by-case basis, and that's no fun for anyone.
- Swag. I don't know how Mental feels about it, but should we look at
using his, or making another, Cafepress site that marks up the goods slightly to put monies into our coffers.
Sounds good to me. We should set up a new Cafepress account with the nonprofit's tax information rather than using my personal account.
Incidentally, this brings up another issue -- we need to work out a scheme for securely storing/sharing the login information for various accounts which we create in the name of the organization, so the credentials are available to any of the board members if required (though for sanity's sake each account should probably still have a particular board member being primarily responsible for it, internally). Any ideas on that front?
-mental
MenTaLguY wrote:
Incidentally, this brings up another issue -- we need to work out a scheme for securely storing/sharing the login information for various accounts which we create in the name of the organization, so the credentials are available to any of the board members if required (though for sanity's sake each account should probably still have a particular board member being primarily responsible for it, internally). Any ideas on that front?
I've always wanted a GPG password safe, that could allow for storing and sharing credentials between multiple parties in a secure fashion. Is there anything like that out there?
Aaron Spike
On Thu, 2007-04-19 at 07:05 -0500, Aaron Spike wrote:
MenTaLguY wrote:
Incidentally, this brings up another issue -- we need to work out a scheme for securely storing/sharing the login information for various accounts which we create in the name of the organization, so the credentials are available to any of the board members if required (though for sanity's sake each account should probably still have a particular board member being primarily responsible for it, internally). Any ideas on that front?
I've always wanted a GPG password safe, that could allow for storing and sharing credentials between multiple parties in a secure fashion. Is there anything like that out there?
http://oss.codepoet.no/revelation/
I've used revelation, it's not GPG, it's AES, but I think that'll probably work for you :)
We could either share a file like this, or perhaps it would be better to have a text file that is encrypted with everyone on the board's GPG keys and posted to the mailing list. That way they'd be in "public" but also secure. As board members change the keys used to encrypt it would also.
--Ted
Ted Gould wrote:
On Thu, 2007-04-19 at 07:05 -0500, Aaron Spike wrote:
MenTaLguY wrote:
Incidentally, this brings up another issue -- we need to work out a scheme for securely storing/sharing the login information for various accounts which we create in the name of the organization, so the credentials are available to any of the board members if required (though for sanity's sake each account should probably still have a particular board member being primarily responsible for it, internally). Any ideas on that front?
I've always wanted a GPG password safe, that could allow for storing and sharing credentials between multiple parties in a secure fashion. Is there anything like that out there?
http://oss.codepoet.no/revelation/
I've used revelation, it's not GPG, it's AES, but I think that'll probably work for you :)
We could either share a file like this, or perhaps it would be better to have a text file that is encrypted with everyone on the board's GPG keys and posted to the mailing list. That way they'd be in "public" but also secure. As board members change the keys used to encrypt it would also.
AES would work for me personally, sure. But I've got a few places, including inkscape, where I would like to have passwords available to multiple parties without shared secrets. That's why I was looking for something that used GPG. A text file is a very simple solution but with out many perks. I'm sure it would work fine for us.
Aaron Spike
On Thu, Apr 19, 2007 at 12:45:23PM -0500, Aaron Spike wrote:
Ted Gould wrote:
On Thu, 2007-04-19 at 07:05 -0500, Aaron Spike wrote:
MenTaLguY wrote:
Incidentally, this brings up another issue -- we need to work out a scheme for securely storing/sharing the login information for various accounts which we create in the name of the organization, so the credentials are available to any of the board members if required (though for sanity's sake each account should probably still have a particular board member being primarily responsible for it, internally). Any ideas on that front?
I've always wanted a GPG password safe, that could allow for storing and sharing credentials between multiple parties in a secure fashion. Is there anything like that out there?
http://oss.codepoet.no/revelation/
I've used revelation, it's not GPG, it's AES, but I think that'll probably work for you :)
We could either share a file like this, or perhaps it would be better to have a text file that is encrypted with everyone on the board's GPG keys and posted to the mailing list. That way they'd be in "public" but also secure. As board members change the keys used to encrypt it would also.
AES would work for me personally, sure. But I've got a few places, including inkscape, where I would like to have passwords available to multiple parties without shared secrets. That's why I was looking for something that used GPG. A text file is a very simple solution but with out many perks. I'm sure it would work fine for us.
Aaron Spike
GPG sounds good to me too.
Bryce
On Thu, 19 Apr 2007, Ted Gould wrote:
On Thu, 2007-04-19 at 11:43 -0700, Bryce Harrington wrote:
GPG sounds good to me too.
I can't find keys for Jon Cruz or Nathan Hurst. The others I have. Do you guys have GPG keys?
No. I'll get aaron to hold my hand for one.
How would this work? We create a file with: inkscape.org domainname password = cooT0bohiy4AGhil then encrypt it n times, once for each member?
njh
On Fri, 2007-04-20 at 15:47 +1000, njh wrote:
How would this work? We create a file with: inkscape.org domainname password = cooT0bohiy4AGhil then encrypt it n times, once for each member?
Actually you can encrypt it once with everyone's key. I'm not sure internally how that works. But, I know that it does. Just like you can send e-mails to multiple people which all can read.
--Ted
On Thu, 19 Apr 2007, Ted Gould wrote:
On Fri, 2007-04-20 at 15:47 +1000, njh wrote:
How would this work? We create a file with: inkscape.org domainname password = cooT0bohiy4AGhil then encrypt it n times, once for each member?
Actually you can encrypt it once with everyone's key. I'm not sure internally how that works. But, I know that it does. Just like you can send e-mails to multiple people which all can read.
I guess it just encrypts the one symmetric cypher with all the asymmetric ones.
njh
On Fri, 2007-04-20 at 18:39 +1000, njh wrote:
Actually you can encrypt it once with everyone's key. I'm not sure internally how that works. But, I know that it does. Just like you can send e-mails to multiple people which all can read.
I guess it just encrypts the one symmetric cypher with all the asymmetric ones.
I'd guess that too, but the explanation that I like better is that it sends the file into deep space and then encrypts the coordinates to each user. Then you pick it up on SETI@...21... Think, that'd reduce the file size also! :)
--Ted
On Thu, 2007-04-19 at 22:24 -0700, Ted Gould wrote:
I can't find keys for Jon Cruz or Nathan Hurst. The others I have. Do you guys have GPG keys?
That also reminds me -- we really need to establish a web of trust for the board keys as well. Perhaps some keysigning at LGM?
-mental
On Sat, 2007-04-21 at 14:14 -0400, MenTaLguY wrote:
On Thu, 2007-04-19 at 22:24 -0700, Ted Gould wrote:
I can't find keys for Jon Cruz or Nathan Hurst. The others I have. Do you guys have GPG keys?
That also reminds me -- we really need to establish a web of trust for the board keys as well. Perhaps some keysigning at LGM?
Yes, we do. Two people that I'd really like in that web are Aaron and Nathan who I don't believe are going to be there. Does Andy have a key? We can get an indirect connection (off to AU) there. Or, I guess a quick call with a fingerprint would probably work too. We can conference Nathan in :)
--Ted
On Sun, 22 Apr 2007, Ted Gould wrote:
On Sat, 2007-04-21 at 14:14 -0400, MenTaLguY wrote:
On Thu, 2007-04-19 at 22:24 -0700, Ted Gould wrote:
I can't find keys for Jon Cruz or Nathan Hurst. The others I have. Do you guys have GPG keys?
That also reminds me -- we really need to establish a web of trust for the board keys as well. Perhaps some keysigning at LGM?
Yes, we do. Two people that I'd really like in that web are Aaron and Nathan who I don't believe are going to be there. Does Andy have a key? We can get an indirect connection (off to AU) there. Or, I guess a quick call with a fingerprint would probably work too. We can conference Nathan in :)
I'm moving to the states. I can certainly give mental or you a ring.
njh
On Mon, 2007-04-23 at 15:32 +1000, njh wrote:
I'm moving to the states. I can certainly give mental or you a ring.
Ah, cool. I was more thinking during LGM. But, depending on where you're moving, Mental and I live on opposite coasts, so you'll probably be close to one of us :)
--Ted
participants (5)
-
Aaron Spike -
Bryce Harrington -
MenTaLguY -
njh -
Ted Gould