On Fri, 25 Jul 2025 at 19:09, Kevin Liu <kevinjq...@apache.org> wrote: > > Dear Privacy Team, > > (+ cc datafusion dev list)
Note mixed public and private email lists. > I'm writing on behalf of the Apache DataFusion project to request your > approval to use Giscus <https://giscus.app>, a GitHub-powered open source > comment widget, on our project website: https://datafusion.apache.org. > > We plan to embed Giscus to enable blog post discussions via GitHub > Discussions (For more context, see > https://github.com/apache/datafusion-site/issues/80). It is a lightweight, > open-source tool that integrates directly with GitHub APIs and does not use > tracking cookies or third-party analytics. > > To enable this, we would need to add `https://giscus.app` to the site's > `Content-Security-Policy` under `script-src`. ASF Infra has advised > <https://issues.apache.org/jira/browse/INFRA-27070> that we must first > receive your sign-off before proceeding with this change. Can the Javascript be hosted locally? If so, does the user have to do anything to start using the app, or does the JS generate requests in the background without any interaction from the user? If Giscus requires positive action from the user before any data is exchanged, then it may not be necessary to get a DPA. > Relevant details: > - Giscus website: https://giscus.app > - Source code: https://github.com/giscus/giscus > - Data is stored on the Datafusion GitHub repo (via Github's Discussions > API); Giscus is a frontend wrapper > - We do not collect or store any user data ourselves > > Please let us know if we can proceed or if you need more information. > > Best regards, > Kevin Liu --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org For additional commands, e-mail: dev-h...@datafusion.apache.org