> I`m 100% agree with your security position. I will try to minimize risks. My
> actions will include (but not limited to) clear backup/restore strategy, some
> initial code cleanup (already in progress), file and processes audit. Also i
> think that we will change encoder before going open source to much more
> one. And i have idea about "early adoption" period when source will be opened
> only to a few number of peoples which will agree to review and audit the
This sounds good, as well as the development server without any sensitive data.
Finding auditors is a well-known problem in the whole open source world (and in
proprietary software too, many companies don't tend to do much auditing because
it's costly) but I hope it'll work out well.
> Developers portal: we already registered our project @ sf.net, also i filled
> request for the developers.berlios.de project, it will be used as backup
Are you sure you'll need both your own dev server, sf.net portal AND the backup
portal? I'm slightly worried that the two latter ones would cause overhead so
that people would have to check out and feed changes to both, and they might
become out of sync. Yes, there should be backups of the data in sf.net, but two
portals being online in parallel doesn't sound so good idea. Or is the
berlios.de site constructed so that you can automatically mirror the data from
sf.net without manual work?
> Licensing: at my and most of the developers opinion apache license is good
> our project. It is more bsd like than gnu like.
At least I'm perfectly okay with this. Apache is a popular and well-known
license and therefore a good choice. Personally I don't have a strong preference
towards either bsd/apache/x11 style licenses or towards copyleft-style (GPL)
licenses - they both have their places. And you're correct in pointing out that
copyright assignment question is less important if the license is Apache rather
> Openness in general ... So, let`s take organization moments out this thread
I agree, it's better to keep this thread focused on the code, security and