Dear Privacy Team,

(+ cc datafusion dev list)

I'm writing on behalf of the Apache DataFusion project to request your
approval to use Giscus <https://giscus.app>, a GitHub-powered open source
comment widget, on our project website: https://datafusion.apache.org.

We plan to embed Giscus to enable blog post discussions via GitHub
Discussions (For more context, see
https://github.com/apache/datafusion-site/issues/80). It is a lightweight,
open-source tool that integrates directly with GitHub APIs and does not use
tracking cookies or third-party analytics.

To enable this, we would need to add `https://giscus.app` to the site's
`Content-Security-Policy` under `script-src`. ASF Infra has advised
<https://issues.apache.org/jira/browse/INFRA-27070> that we must first
receive your sign-off before proceeding with this change.

Relevant details:
- Giscus website: https://giscus.app
- Source code: https://github.com/giscus/giscus
- Data is stored on the Datafusion GitHub repo (via Github's Discussions
API); Giscus is a frontend wrapper
- We do not collect or store any user data ourselves

Please let us know if we can proceed or if you need more information.

Best regards,
Kevin Liu

Reply via email to