|Re: [eclipse.org-committers] eSignature via HelloSign, was: Committers Agreement Open Ended|
We are indeed using HelloSign to provide a secure and legally binding eSignature experience for the Eclipse Committer and Contributor Agreement updates. These email communications will originate from Eclipse Foundation <noreply@xxxxxxxxxxxxxxxxxx>.
We understand HelloSign uses Bank-Grade Security to keep documents safe and secure. HelloSign’s documents are protected behind a firewall and authenticated against the sender’s session every time a request for that document is made. The entire site is https. All communications use SSL encryption and all data are stored in a SAS-70 certified data centre. More information on HelloSign's security can be read here .
Should anyone in the community truly have a requirement to update their agreement outside of HelloSign, please send a request to emo-records@xxxxxxxxxxx and we will work with you to provide options.
I complained about this privately.
Denis Roy conceded that I had a point in expecting that a trusted
institution such as www.eclipse.org should propagate the trust to any
subcontract such as hellosign by exploiting its service as
thereby assuring us that the EF has verified that hellosign is providing
a service that the EF has assessed. Allowing noreply@xxxxxxxxxxxxxxxxxx
to provide an unexpected invitation to transact Eclipse business at e.g.
hellosign/.../eclipse/.. is IMHO unacceptable since how can we really
tell that we are not being redirected to a variant of
On 24/02/2019 13:36, Mykola Nikishov wrote:
> Michael Keppler <Michael.Keppler@xxxxxx> writes:
>> Also, if future changes (which we are surely notified about) turn out
>> to be bad, you can still just turn down committer status at that point
>> of time, right?
> Up to this point it was fine - as an individual contributor, I've signed
> the contributor agreement with a party I trust but, at the same time,
> our agreement has quite a limited scope so that I do not expect some
> legal quirks to backfire at me in areas unrelated to the agreement.
> Now, there is a 3-rd party, HelloSign (a DropBox company), that would
> provide legally binding eSignature on my behalf:
> --8<---------------cut here---------------start------------->8---
> From: Eclipse Foundation <noreply@xxxxxxxxxxxxxxxxxx>
> Subject: Reminder: IMPORTANT: Action Required - Update Required to your Eclipse Individual Committer Agreement is awaiting your signature
> Date: Fri, 22 Feb 2019 20:13:28 +0000
> Reply-To: HelloSign <noreply@xxxxxxxxxxxxx>
> Eclipse Foundation is awaiting your signature
> To simplify this process, we are using HelloSign  to provide a
> secure and legally binding eSignature experience for the exercise.
>  https://www.hellosign.com/
> --8<---------------cut here---------------end--------------->8---
> It claims to reduce the amount of paperwork required from committers but
> it does not, quite the opposite.
> First, it brings in a new party that, by default, I do not trust in
> providing legally binding signature on my behalf.
> Second, to retain my Eclipse Individual Committer status, I have to find
> a local layer that is professional enough to give a legal advice on
> conventional/electronic signatures at the intersection of international
> and local laws of:
> - the State of California, USA
> - Ottawa, Ontario, Canada
> - un-named non-EU country
>  https://twitter.com/manandbytes/status/1099053820007469056
>> Ciao, Michael
>> PS: Of course, this is not legal advice.
This email has been checked for viruses by Avast antivirus software.
eclipse.org-committers mailing list
IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation. To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.
Back to the top