Hey Bruce, I've been asked by my superiors here at Medium to look into this and find out how this matter is moving forward or if we have a plan yet for how it needs to move forward. Since Satchmo is our go-to e-commerce platform of record, we are interested in helping in either a financial or coding capacity, depending on what is actually needed.
Any word you can give me on this so I can carry it before the board here? Thanks, Bob On Fri, Nov 6, 2009 at 12:54 PM, Bruce Kroeze <[email protected]> wrote: > > On Fri, Nov 6, 2009 at 9:58 AM, Udbhav <[email protected]> wrote: > > > > Was reading an old post on Pinnacle Cart's blog regarding upcoming > > changes to PA DSS requirements becoming mandatory (http:// > > blog.pinnaclecart.com/2009/07/28/pa-dss-and-the-shopping-cart- > > industry/). I was just wondering where Satchmo stands on this issue, > > and whether it will be PA DSS certified. I haven't really been able > > to find too much discussion or documentation on this subject and was > > hoping for a little clarification. I do know Satchmo doesn't store > > card numbers or cvv2 information in the database unless you explicitly > > tell it to, but I'm not sure about Satchmo's official standing in > > relation to these matters. Could anybody clear this up, or at least > > point me in a direction where I can get a little more detail? > > This is quite frustrating and obnoxious. Not you, Dev, the process as > it relates to open-source projects. > > Interestingly, one of the "best practices" suggested in the PA DSS > Program Guide ( > https://www.pcisecuritystandards.org/security_standards/pci_pa_dss.shtml) > is that the payment system should preferably be isolated from the cart > itself. That's exactly what I've been doing with django-bursar. > > I'd even be willing - not eager, but willing - to do the assessment > and apply for certification. I'm confident that we already meet the > guidelines. However, there is no way I will personally assume the > cost of the $1250 application fee, the $125 listing fees for minor > updates, and the $500 yearly listing fee. I could kick in a couple > hundred, but I can't justify carrying the full load. I make a living > from Satchmo & Bursar, but it isn't so luxurious that I could afford > ~$1,000-$2,000 a year in listing fees. > > I think we need to come up with a strategy. If I could get > commitments from stores using Satchmo or Bursar to pay part of the > fees, then we could proceed, otherwise it simply is not worth my > effort to try since we'll be blocked by the fees. > > Also, I think it is time for Satchmo and Bursar to be more formally > copyrighted. I think it will be required as part of the certification > process for the software to be "owned" by an actual legal entity. > This is a can of worms, of course. I own a company that would be > willing to assume the responsibilities of benevolent ownership, at > least of Bursar, but I'd need formal releases of rights to the code > from everyone involved. Luckily, that is largely me and Chris. A > couple of the payment modules would need rights releases, however. > > This really does have huge implications for the open-source movement. > Arbitrary regulation by non-governmental agencies, demanding fees from > anyone who dares to provide an interface to their API. Ugly. I > simply don't see how anyone could justify the $500 yearly listing fee, > for example. Obviously, they don't have to justify anything. Yet, I > don't want to abandon Bursar, nor do I want to make store owners lie > on their applications to get merchant accounts. > > Thoughts from anyone? Anyone willing to pony up part of the > application fee? Should we move to a "suggested donation" system? > Administrated by whom? I'd do it, reluctantly, but again - a can of > worms. > > -- > Bruce Kroeze > http://www.ecomsmith.com > It's time to hammer your site into shape. > > --~--~---------~--~----~------------~-------~--~----~ > You received this message because you are subscribed to the Google Groups > "Satchmo users" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected]<satchmo-users%[email protected]> > For more options, visit this group at > http://groups.google.com/group/satchmo-users?hl=en > -~----------~----~----~----~------~----~------~--~--- > > -- You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en.
