Is nightlies.apache.org also affected? Our flaky tests page requires some 3rd dependencies, if they are banned the page will be broken...
Nick Dimiduk <ndimi...@apache.org> 于2025年1月17日周五 22:55写道: > > I took a look over on https://whimsy.apache.org/site/project/hbase > > I think that our cloudflare links will break for this change. > > On Fri, Jan 17, 2025 at 3:43 PM Nick Dimiduk <ndimi...@apache.org> wrote: > > > > Heya team, > > > > We should add an investigation into this change to our backlog. > > > > If you want to get involved with the project and you know anything > > about website hosting, now is a great opportunity to participate. > > > > Thanks, > > Nick > > > > ---------- Forwarded message --------- > > From: Daniel Gruno <humbed...@apache.org> > > Date: Sat, Jan 11, 2025 at 11:18 PM > > Subject: [NOTICE] New Content Security Policy for all ASF project websites > > To: <annou...@infra.apache.org> > > > > > > Hello, wonderful ASF projects (via annou...@infra.apache.org), > > > > In keeping with the times, evermore focused on respecting the privacy > > and security of our users, we will be enforcing a Content Security > > Policy (CSP) for all project websites as of March 1st, 2025. > > > > On February 1st, we will begin a brownout, during which we will turn on > > the new CSP briefly, then turn it off again, giving people a chance to > > detect and report any elements on websites that have stopped working as > > a result. > > > > On March 1st, the new CSP will become permanent. > > > > In its condensed form, what this means for your project website is: > > > > - External trackers from 3rd party providers are NO LONGER allowed[1]. > > - External resources from providers with which we do not have a > > Data Processing Agreement (DPA) are NO LONGER allowed[2]. > > > > This change will bring project websites into alignment with the security > > and privacy parameters[3] as defined by the VP, Data Privacy and > > requested by the ASF Security Committee. > > > > We ask that projects do not circumvent them without express permission > > from our VP, Data Privacy. > > > > We understand that this may cause disruption to some sites and are as > > always willing to help projects adjust their sites to meet the new > > mandates. We also wish to note that the most commonly asked questions > > can be answered by the three footnotes at the bottom of this email. > > > > if you have questions surrounding the technical implementation of the > > CSP, send them to us at us...@infra.apache.org. For the implementation > > itself, and the new limitations imposed on websites, please refer to the > > following pull request for details: > > https://github.com/apache/infrastructure-p6/pull/2025/files > > > > If you have any questions about existing privacy agreements or privacy > > policies, get in touch with priv...@apache.org. Any additions to our > > existing website privacy policy should also be suggested here. > > > > We also welcome you to read up on our current privacy policies at: > > https://privacy.apache.org/ > > > > > > With regards, > > Daniel on behalf of ASF Infra. > > > > > > [1] The ASF offers Matomo analytics for all project websites through > > https://analytics.apache.org/ > > [2] If you have a DPA request or inquiry, contact priv...@apache.org > > They can also tell you if a provider already signed a DPA > > [3] https://privacy.apache.org/policies/website-policy.html
