• conciselyverbose
    link
    fedilink
    23
    edit-2
    1 year ago

    Literally no one but legal should have the authority to remove a contract from the website, and allowing any other human being to do so is gross negligence at absolute best.

    It should have sent a cascade of giant red flags the second it was touched.

    • @luciferofastora@lemmy.zip
      link
      fedilink
      English
      61 year ago

      Oh it definitely would be grossly negligent, but the amount of technical systems I’ve seen that somebody should have a stake in but wasn’t actually involved with… well, if Legal’s purview ends at writing up those terms, Compliance made sure they’re up in an appropriate place and nobody thought to put “make sure they are automatically involved of any change affecting this” on the checklist, all the boxes have been ticked and they won’t notice until the fallout starts hitting.

      In an ideal world, any change to the master branch of that repo or to the repo itself should require the approval of a technically versed member of Legal/Compliance (or one of each, if they’re separate teams). In reality, that approval process may well exist only on paper, with no technical safeguards to enforce it.