In an ideal world then I would definitely be pushing for a fully wikimedia
hosted online shop. I completely agree with the principles you've raised.
But moving in-house would require resources for building and maintaining an
ecommerce workflow that I don't think we collectively can justify. The
setup and maintenance of any solution would require a degree of people
power that I personally think could be spent better elsewhere in the
movement as I am sure you would agree.

Throwing together an e-commerce site can be easy. But doing it well,
ensuring you are PCI compliant, ensuring its stable, secure etc. etc. and
making it user friendly both front and back end. That takes time and money.
Even if we did all that we would still in end up using a third party
payment gateway. To ensure the shop is viable and not a drain we need to
keep it as efficient as possible.

As Marc said Shopify may not be completely FLOSS but many of the frameworks
that Shopify use in their hosted service are on available on Github [1] and
I would encourage you to take a look.

With regards to the URL, I as a customer would find a top 10 website
sending me to a third party URL for their shop highly suspicious and I
certainly could treat it with suspicion. Making it clear that it is hosted
by shopify I think would at least improve the situation.



On Mon, Mar 21, 2016 at 7:34 PM, Ricordisamoa
<> wrote:
> Il 21/03/2016 13:14, Marc A. Pelletier ha scritto:
>> On 2016-03-21 8:03 AM, Ricordisamoa wrote:
>>> As in [1] I'd like to know whether the use of Shopify is acceptable for
>>> FOSS-friendly organization. Thanks in advance.
>> While Shopify isn't FLOSS-only, they're a fairly okay place that does
>> contribute to FLOSS themselves (mostly in the Ruby and Go worlds, that
>> intersect very little with our own tech).
>> I don't think it's reasonable to expect that every external supplier is
>> all-FLOSS.  For one, the movement would be pretty much stuck without
>> hardware, networking gear, and power at the very least.  Not every
>> service/provider even *have* pure-FLOSS alternative - let alone good or
>> adequate ones.
>> -- Coren / Marc
> My concern was about the (likely proprietary) JavaScript that is run on
> customers' devices, but it turns out that it isn't actually required to
> browse and purchase?

I very quickly looked, and it appears to be mostly open libraries and
Shopify specific code for making purchases.
However any amount of tracking could be hidden somewhere in their
JavaScript, and an audit today doesnt mean it is safe to use tomorrow,
as the source code is not publicly reviewed before being deployed.

> And yes, it'd be nice if the server side was under WMF's control too!

IMO it is more important that any service on the ""
domain (and others owned by WMF) is free software.

Outsourcing the service provision is fine, provided the software is
free software and the delegated service provider abides by our terms
of use and privacy policy.

If we need to run non-free services, that isnt free software or can't
comply with our terms of use and privacy policy, it should be hosted
on a different domain, preferrably the domain of the service provider
so that it is abundantly clear who the transaction is really with.

John Vandenberg

Wikimedia-l mailing list, guidelines at:
New messages to:
Wikimedia-l mailing list, guidelines at:
New messages to:

Reply via email to