Dear Privacy Team, (+ cc datafusion dev list)
I'm writing on behalf of the Apache DataFusion project to request your approval to use Giscus <https://giscus.app>, a GitHub-powered open source comment widget, on our project website: https://datafusion.apache.org. We plan to embed Giscus to enable blog post discussions via GitHub Discussions (For more context, see https://github.com/apache/datafusion-site/issues/80). It is a lightweight, open-source tool that integrates directly with GitHub APIs and does not use tracking cookies or third-party analytics. To enable this, we would need to add `https://giscus.app` to the site's `Content-Security-Policy` under `script-src`. ASF Infra has advised <https://issues.apache.org/jira/browse/INFRA-27070> that we must first receive your sign-off before proceeding with this change. Relevant details: - Giscus website: https://giscus.app - Source code: https://github.com/giscus/giscus - Data is stored on the Datafusion GitHub repo (via Github's Discussions API); Giscus is a frontend wrapper - We do not collect or store any user data ourselves Please let us know if we can proceed or if you need more information. Best regards, Kevin Liu