I took a look over on https://whimsy.apache.org/site/project/hbase
I think that our cloudflare links will break for this change. On Fri, Jan 17, 2025 at 3:43 PM Nick Dimiduk <ndimi...@apache.org> wrote: > > Heya team, > > We should add an investigation into this change to our backlog. > > If you want to get involved with the project and you know anything > about website hosting, now is a great opportunity to participate. > > Thanks, > Nick > > ---------- Forwarded message --------- > From: Daniel Gruno <humbed...@apache.org> > Date: Sat, Jan 11, 2025 at 11:18 PM > Subject: [NOTICE] New Content Security Policy for all ASF project websites > To: <annou...@infra.apache.org> > > > Hello, wonderful ASF projects (via annou...@infra.apache.org), > > In keeping with the times, evermore focused on respecting the privacy > and security of our users, we will be enforcing a Content Security > Policy (CSP) for all project websites as of March 1st, 2025. > > On February 1st, we will begin a brownout, during which we will turn on > the new CSP briefly, then turn it off again, giving people a chance to > detect and report any elements on websites that have stopped working as > a result. > > On March 1st, the new CSP will become permanent. > > In its condensed form, what this means for your project website is: > > - External trackers from 3rd party providers are NO LONGER allowed[1]. > - External resources from providers with which we do not have a > Data Processing Agreement (DPA) are NO LONGER allowed[2]. > > This change will bring project websites into alignment with the security > and privacy parameters[3] as defined by the VP, Data Privacy and > requested by the ASF Security Committee. > > We ask that projects do not circumvent them without express permission > from our VP, Data Privacy. > > We understand that this may cause disruption to some sites and are as > always willing to help projects adjust their sites to meet the new > mandates. We also wish to note that the most commonly asked questions > can be answered by the three footnotes at the bottom of this email. > > if you have questions surrounding the technical implementation of the > CSP, send them to us at us...@infra.apache.org. For the implementation > itself, and the new limitations imposed on websites, please refer to the > following pull request for details: > https://github.com/apache/infrastructure-p6/pull/2025/files > > If you have any questions about existing privacy agreements or privacy > policies, get in touch with priv...@apache.org. Any additions to our > existing website privacy policy should also be suggested here. > > We also welcome you to read up on our current privacy policies at: > https://privacy.apache.org/ > > > With regards, > Daniel on behalf of ASF Infra. > > > [1] The ASF offers Matomo analytics for all project websites through > https://analytics.apache.org/ > [2] If you have a DPA request or inquiry, contact priv...@apache.org > They can also tell you if a provider already signed a DPA > [3] https://privacy.apache.org/policies/website-policy.html