On Sun, Oct 13, 2019 at 11:39:30PM +0000, Eric Wong wrote:
Well, this is the bit where I say that it may not be allowed by
corporate
rules. I see this all the time in CAF/Android world where companies
*require* that all email goes through their SMTP server so that it can be
properly logged (often for legal reasons). And it is often equally required
that any code submissions come from per...@corporate.com and not
per...@free-email-provider.com for License/CLA reasons, so setting up a
webmail server is not a solution either.
Aren't they still allowed to submit stuff via forges the same way
they'd use a potential hacker-oriented webmail/SMTP/IMAP solution?
You're trying to apply logic to legal requirements. :) It's actually
fine for someone to submit a Github pull request using their corporate
"From:", because it's not an action that sends email from their
corporate address. Email is considered official company correspondence
and therefore must be preserved in case it needs to be turned over
during lawsuits (for fact-finding).
We can also find creative ways to subvert corporate policies:
For example; if their policy specifically prevents outgoing SMTP,
"git imap-send" could be used.
I'm generally against recommending solutions that can get people into
legal trouble. If their company requires that all work correspondence is
sent via the company's SMTP server, then we shouldn't be putting forth
technical solutions defeating this.
-K
_______________________________________________
Patchwork mailing list
Patchwork@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/patchwork
