I took a look over on https://whimsy.apache.org/site/project/hbase

I think that our cloudflare links will break for this change.

On Fri, Jan 17, 2025 at 3:43 PM Nick Dimiduk <ndimi...@apache.org> wrote:
>
> Heya team,
>
> We should add an investigation into this change to our backlog.
>
> If you want to get involved with the project and you know anything
> about website hosting, now is a great opportunity to participate.
>
> Thanks,
> Nick
>
> ---------- Forwarded message ---------
> From: Daniel Gruno <humbed...@apache.org>
> Date: Sat, Jan 11, 2025 at 11:18 PM
> Subject: [NOTICE] New Content Security Policy for all ASF project websites
> To: <annou...@infra.apache.org>
>
>
> Hello, wonderful ASF projects (via annou...@infra.apache.org),
>
> In keeping with the times, evermore focused on respecting the privacy
> and security of our users, we will be enforcing a Content Security
> Policy (CSP) for all project websites as of March 1st, 2025.
>
> On February 1st, we will begin a brownout, during which we will turn on
> the new CSP briefly, then turn it off again, giving people a chance to
> detect and report any elements on websites that have stopped working as
> a result.
>
> On March 1st, the new CSP will become permanent.
>
> In its condensed form, what this means for your project website is:
>
> - External trackers from 3rd party providers are NO LONGER allowed[1].
> - External resources from providers with which we do not have a
>    Data Processing Agreement (DPA) are NO LONGER allowed[2].
>
> This change will bring project websites into alignment with the security
> and privacy  parameters[3] as defined by the VP, Data Privacy and
> requested by the ASF Security Committee.
>
> We ask that projects do not circumvent them without express permission
> from our VP, Data Privacy.
>
> We understand that this may cause disruption to some sites and are as
> always willing  to help projects adjust their sites to meet the new
> mandates. We also wish to note  that the most commonly asked questions
> can be answered by the three footnotes at the bottom of this email.
>
> if you have questions surrounding the technical implementation of the
> CSP, send them to us at us...@infra.apache.org. For the implementation
> itself, and the new limitations imposed on websites, please refer to the
> following pull request for details:
> https://github.com/apache/infrastructure-p6/pull/2025/files
>
> If you have any questions about existing privacy agreements or privacy
> policies, get in touch with priv...@apache.org. Any additions to our
> existing website privacy policy should also be suggested here.
>
> We also welcome you to read up on our current privacy policies at:
> https://privacy.apache.org/
>
>
> With regards,
> Daniel on behalf of ASF Infra.
>
>
> [1] The ASF offers Matomo analytics for all project websites through
>      https://analytics.apache.org/
> [2] If you have a DPA request or inquiry, contact priv...@apache.org
>      They can also tell you if a provider already signed a DPA
> [3] https://privacy.apache.org/policies/website-policy.html

Reply via email to