This is quite frustrating and obnoxious. Not you, Dev, the process as
it relates to open-source projects.
Interestingly, one of the "best practices" suggested in the PA DSS
Program Guide (https://www.pcisecuritystandards.org/security_standards/pci_pa_dss.shtml)
is that the payment system should preferably be isolated from the cart
itself. That's exactly what I've been doing with django-bursar.
I'd even be willing - not eager, but willing - to do the assessment
and apply for certification. I'm confident that we already meet the
guidelines. However, there is no way I will personally assume the
cost of the $1250 application fee, the $125 listing fees for minor
updates, and the $500 yearly listing fee. I could kick in a couple
hundred, but I can't justify carrying the full load. I make a living
from Satchmo & Bursar, but it isn't so luxurious that I could afford
~$1,000-$2,000 a year in listing fees.
I think we need to come up with a strategy. If I could get
commitments from stores using Satchmo or Bursar to pay part of the
fees, then we could proceed, otherwise it simply is not worth my
effort to try since we'll be blocked by the fees.
Also, I think it is time for Satchmo and Bursar to be more formally
copyrighted. I think it will be required as part of the certification
process for the software to be "owned" by an actual legal entity.
This is a can of worms, of course. I own a company that would be
willing to assume the responsibilities of benevolent ownership, at
least of Bursar, but I'd need formal releases of rights to the code
from everyone involved. Luckily, that is largely me and Chris. A
couple of the payment modules would need rights releases, however.
This really does have huge implications for the open-source movement.
Arbitrary regulation by non-governmental agencies, demanding fees from
anyone who dares to provide an interface to their API. Ugly. I
simply don't see how anyone could justify the $500 yearly listing fee,
for example. Obviously, they don't have to justify anything. Yet, I
don't want to abandon Bursar, nor do I want to make store owners lie
on their applications to get merchant accounts.
Thoughts from anyone? Anyone willing to pony up part of the
application fee? Should we move to a "suggested donation" system?
Administrated by whom? I'd do it, reluctantly, but again - a can of
worms.
--
Bruce Kroeze
http://www.ecomsmith.com
It's time to hammer your site into shape.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Satchmo users" group.
To post to this group, send email to satchm...@googlegroups.com
To unsubscribe from this group, send email to satchmo-user...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Hey Bruce,
I've been asked by my superiors here at Medium to look into this and find out how this matter is moving forward or if we have a plan yet for how it needs to move forward. Since Satchmo is our go-to e-commerce platform of record, we are interested in helping in either a financial or coding capacity, depending on what is actually needed.
Any word you can give me on this so I can carry it before the board here?
--
Can you help me understand what the PA DSS is all about? Is the
payment card industry creating a list of "approved" shopping cart
systems and wants all shopping cart developers to fork out $1250 to be
on a list?
On Wed, 25 Nov 2009 21:10:25 -0800
> So, the PA DSS initiative seems to be a nice way to rack up a few
> more dollars, close out the small competitors, and look like you are
> standing up for security. Bleah.
Completely agree with that.
However, is it really that bleak? From looking at the SagePay pages
http://www.sagepay.com/integrating_sagepay.asp
"Sage Pay Go with Server integration is recommended to merchants who
want to run order & transaction reports on their own servers, but don’t
want to invest in their own digital certificate or collect credit card
details on their own website... This instantly reduces the need for
high-level PCI DSS compliance and doesn’t compromise your customers’
shopping experience on your site."
On Thu, 26 Nov 2009 14:09:15 -0800
> But it is a different experience than paying with a credit card, like a
> "real" store.
In what way? I quite often use Protx/SagePay merchants and it seems
quite normal to me. SagePay also offer an iframe solution (horrible I
know) but it does integrate into your site.