Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Kicking off the CRA Attestations project
Of course!! Repeating that ianal but we did ran this past counsel and felt it was sufficient.

Each attestation was marked with the company for which it was created and included a footer saying that it was only valid for the receiving company's compliance purposes. 

Greg Wallace
Mobile: +1 919.247.3165

On Thu, Oct 23, 2025, 12:35 PM Mathias Schindler <mathiasschindler@xxxxxxxxxx> wrote:
Dear Greg,

thank you for your email and the replies to my questions.
 
For the FreeBSD SSDF Attestation, we chose to bind the Attestation to both the SW Version and the recipient. At the time, it was felt that this was the best way to ensure fairness. The Foundation includes the Attestation with any Corporate Partnership (https://freebsdfoundation.org/our-donors/freebsd-foundation-partnership-program/). 


What is the legal instrument FreeBSD relies on that an attestation is bound to a specific recipient? 

Mathias

Back to the top