Oh it definitely would be grossly negligent, but the amount of technical systems I’ve seen that somebody should have a stake in but wasn’t actually involved with… well, if Legal’s purview ends at writing up those terms, Compliance made sure they’re up in an appropriate place and nobody thought to put “make sure they are automatically involved of any change affecting this” on the checklist, all the boxes have been ticked and they won’t notice until the fallout starts hitting.
In an ideal world, any change to the master branch of that repo or to the repo itself should require the approval of a technically versed member of Legal/Compliance (or one of each, if they’re separate teams). In reality, that approval process may well exist only on paper, with no technical safeguards to enforce it.
Oh it definitely would be grossly negligent, but the amount of technical systems I’ve seen that somebody should have a stake in but wasn’t actually involved with… well, if Legal’s purview ends at writing up those terms, Compliance made sure they’re up in an appropriate place and nobody thought to put “make sure they are automatically involved of any change affecting this” on the checklist, all the boxes have been ticked and they won’t notice until the fallout starts hitting.
In an ideal world, any change to the master branch of that repo or to the repo itself should require the approval of a technically versed member of Legal/Compliance (or one of each, if they’re separate teams). In reality, that approval process may well exist only on paper, with no technical safeguards to enforce it.