httpd-dev.2012 at velox
May 20, 2012, 11:07 PM
Post #4 of 4
On 20.05.2012 14:47, Daniel Gruno wrote:
Re: [Result] Re: [Vote] Add commentary system to httpd docs
[In reply to]
> This will effectively make for two (or three) new votes for adopting
> each piece:
> methods used as they get implemented - see the draft at
Thanks for preparing this draft. As previously stated, I consider such a
policy a mandatory requirement before integrating any tool into
httpd.apache.org which systematically processes user data .
The section "Additional tracking by third parties" of the draft
currently says: "The Apache HTTP Server project makes use of additional
third party tools, such as the Disqus commentary system, which itself
may apply visitor tracking for internal purposes."
In the interest of an early declaration, let me say that I'm (rather
strongly) opposed to running the project's site in a way that requires
First, my expectation would be that an ASF project, and in particular
ours, is able to run the infrastructure of those features it considers
essential for its operations on its own. It's true that some other
projects are using Google Analytics, but this doesn't mean that others
should follow this practice, IMO.
Second, I see several technical issues when integrating third-party
tools which basically rely on JS code being injected into the HTML on
httpd.apache.org: "surreptitious" tracking is one of them, but it's also
problematic from a security point of view: by pulling in JS from remote
URLs we expose our visitors to the risk of running untrusted code in the
context of our site. (As an aside: having to turn off JS for
httpd.apache.org as a whole, as - rightfully - suggested in the draft
damage of disabling the newly-added syntax highlighting as well, which
seems quite unfortunate.)
Third, *iff* we really decide to do user tracking on httpd.apache.org,
it should at least be opt-in, not opt-out, in my view (i.e., we should
e.g. make sure to honor "DNT: 1" headers before pulling in JS tracking
code, and ensure that visitors agree to being tracked before we do so).
> - Implement the Disqus commentary system for the docs - see the proposal
> at http://wiki.apache.org/httpd/DocsCommentSystem
In the meantime I skimmed over its Terms Of Service , and it took me
only a short time to identify several elements which made me quite worried:
a) User Content: Disqus is granted a "a royalty-free, sublicensable,
transferable, perpetual, irrevocable, non-exclusive, worldwide license
to use, reproduce, modify, publish, list information regarding, edit,
translate, distribute, syndicate, publicly perform, publicly display,
and make derivative works of all such User Content" etc.
b) Changes to the service: "We may, without prior notice, change the
Service; stop providing the Service or features of the Service, to you
or to users generally; or create usage limits for the Service."
c) Advertisements: "You agree that Disqus may include advertisements
and/or content provided by Disqus and/or a third party (collectively
"Ads") as part of the implementation of the Service."
This just a small sample of rules I consider highly problematic, and to
be honest, they pretty much rule out the option of using Disqus on
httpd.apache.org, I think.
PHP's system, on the other hand, uses an approach  I'm completely
comfortable with: no dependencies on third-party sites, comments are
covered by a Creative Commons license, and do not rely on any remote JS
code or so.
> - Implement visitor tracking for the docs so we can improve on them -
> see proposal at http://wiki.apache.org/httpd/DocsAnalyticsProposal
I would highly prefer Piwik over the others (or more generally: a tool
we run ourselves, not a third-party service).
 see also
http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200809.mbox/%3C48CF1C4A.1000904 [at] rowe-clan%3E
and other messages in that thread, e.g.