Anthony Towns <[email protected]> writes: > Again, if someone wants to volunteer to help get this right, please > stick your hand up.
I haven't been following this thread too well lately, but what are your thoughts on this? I'm willing to volunteer, as I do have some experience in non-professional accounting and auditing (I'm not an accounting or auditing professional but do have about 20 years of experience in doing accounting and auditing for non-profit organizations of various sizes). My understanding is that there are three kinds of assets Debian has (held in trust by SPI): monetary, hardware and IP. A trivial way of auditing these is as follows (this is from a Finnish perspective, US may do things differently). Monetary assets: Bank statements for the auditing period provide enough information in the normal case. Hardware: For servers on the Internet, SSH access to those should provide enough information as to their configuration. IP: This requires a bit more work (I admit I have little experience in this field). I'd say that a statement from the board as to what has been done to protect the IP, including any applications made to the proper authorities, would be a good start. -- * Sufficiently advanced magic is indistinguishable from technology (T.P) * * PGP public key available @ http://www.iki.fi/killer * -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
