[
https://issues.apache.org/jira/browse/DELTASPIKE-1478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Niall Pemberton updated DELTASPIKE-1478:
----------------------------------------
Description:
Hi Deltaspike Team
The ASF {_}*Privacy Policy*{_}[1][2] does not permit the use of _*Google
Analytics*_ on any ASF websites and the ASF Infra team will soon enforce a
{_}*Content Security Policy*{_}(CSP) that will block access to external
trackers:
* [https://lists.apache.org/thread/w34sd92v4rz3j28hyddmt5tbprbdq6lc]
Please could you remove the use of the Google Analytics from the Deltaspike
website (I will submit a PR request shortly to do that)?
* [https://lists.apache.org/thread/hrr1kqdqlzl2q9l59tvdzgos00q2lwkz]
The ASF hosts its own _*Matomo*_ instance to provide projects with analytics
and you can request a tracking id for your project by sending a mail to
*privacy AT apache.org.*
*
[https://privacy.apache.org/faq/committers.html#can-i-use-web-analytics-matomo]
Additionally I would recommend reviewing any external resources loaded by your
website. The Content Security Policy will prevent any resources being loaded
from 3rd Party providers that the ASF does not have a Data Processing Agreement
(DPA) with. On the 1st February Infra will begin a temporary "brownout" when
the CSP will be turned on for a short period. This will allow projects to check
which parts, if any, of their websites will stop working. The Privacy FAQ
answers a number of questions about which external providers are permitted or
not:
* [https://privacy.apache.org/faq/committers.html]
Thanks
Niall
[1] [https://privacy.apache.org/policies/website-policy.html]
[2] [https://privacy.apache.org/faq/committers.html#can-i-use-google-analytics]
[1] [https://privacy.apache.org/policies/website-policy.html]
was:
The Apache DeltaSpike website is using _*Google Analytics*_ which is not
permitted by the ASF Privacy Policy[1]. PMCs were notified of this by the VP
Data Privacy in April 2022:
*
[https://lists.apache.org/thread/nt60vs274k7xs2dwhfp2xpowv38nlt15|https://lists.apache.org/thread/hrr1kqdqlzl2q9l59tvdzgos00q2lwkz]
I will shortly create a PR request to Google Analytics from the DeltaSpike
website. The ASF hosts its own *_Matomo_* instance to provide projects with
analytics and you can request a tracking id for DeltaSpike by sending a mail to
privacy AT apache.org.
Please note that the ASF Infra team will be shortly be implementing a _*Content
Security Policy*_ that will block access to external trackers anyway
* [https://lists.apache.org/thread/w34sd92v4rz3j28hyddmt5tbprbdq6lc]
Thanks
Niall
[1] [https://privacy.apache.org/policies/website-policy.html]
> Remove Google Analytics DeltaSpike Website
> ------------------------------------------
>
> Key: DELTASPIKE-1478
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-1478
> Project: DeltaSpike
> Issue Type: Task
> Security Level: public(Regular issues)
> Reporter: Niall Pemberton
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Hi Deltaspike Team
> The ASF {_}*Privacy Policy*{_}[1][2] does not permit the use of _*Google
> Analytics*_ on any ASF websites and the ASF Infra team will soon enforce a
> {_}*Content Security Policy*{_}(CSP) that will block access to external
> trackers:
> * [https://lists.apache.org/thread/w34sd92v4rz3j28hyddmt5tbprbdq6lc]
> Please could you remove the use of the Google Analytics from the Deltaspike
> website (I will submit a PR request shortly to do that)?
> * [https://lists.apache.org/thread/hrr1kqdqlzl2q9l59tvdzgos00q2lwkz]
> The ASF hosts its own _*Matomo*_ instance to provide projects with analytics
> and you can request a tracking id for your project by sending a mail to
> *privacy AT apache.org.*
> *
> [https://privacy.apache.org/faq/committers.html#can-i-use-web-analytics-matomo]
> Additionally I would recommend reviewing any external resources loaded by
> your website. The Content Security Policy will prevent any resources being
> loaded from 3rd Party providers that the ASF does not have a Data Processing
> Agreement (DPA) with. On the 1st February Infra will begin a temporary
> "brownout" when the CSP will be turned on for a short period. This will allow
> projects to check which parts, if any, of their websites will stop working.
> The Privacy FAQ answers a number of questions about which external providers
> are permitted or not:
> * [https://privacy.apache.org/faq/committers.html]
> Thanks
> Niall
> [1] [https://privacy.apache.org/policies/website-policy.html]
> [2]
> [https://privacy.apache.org/faq/committers.html#can-i-use-google-analytics]
> [1] [https://privacy.apache.org/policies/website-policy.html]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
