Michael wrote: > PS: One [minor] thing this includes, other than the more important visual >> overhaul, is drop the use of https://about.scarf.sh (with this change), >> which given yesterday's "[NOTICE] New Content Security Policy for all ASF >> project websites" to annou...@infra.apache.org & us...@infra.apache.org >> might have to go anyway. >> > In part that announcement by ASF[1] reads: "External resources from providers with which we do not have a Data Processing Agreement (DPA) are NO LONGER allowed."
The new policy does NOT exclude Scarf because - as noted previously - Scarf has signed a DPA with ASF. We covered this discussion previously and also documented it: https://cwiki.apache.org/confluence/display/FINERACT/FSIP-2+Scarf+Data+Tracking Can I use Scarf to analyze our downloads? Yes: Scarf has signed a DPA with us, fully supports the GDPR and was added to our privacy terms. It is possible to use their service." [2] [1] https://lists.apache.org/thread/w34sd92v4rz3j28hyddmt5tbprbdq6lc [2] https://privacy.apache.org/faq/committers.html
