Update site to comply with ASF privacy site checks #423

Merged (1 commit, May 1, 2024)

Conversation

ctubbsii (Member) commented May 1, 2024

See https://whimsy.apache.org/site/project/accumulo

  • Add link to ASF privacy policy in ASF links section of navigation
  • Stop linking to external CDNs for our default page layout. Instead, copy the resources, so they are hosted by our site. We don't really need the integrity checks to verify the downloads from CDN sites anymore. It adds no security since we're hosting them on the same service that would provide the checksum (same security domain for users to trust), and removing them alleviates the browser from that unnecessary work.
  • Standardize how resources are specified, so they are more consistent and easier to update, including converting the embedded <script> from _includes/scripts.html, which contained our own custom scripts for our site, into its own .js file.
  • Include free web fonts from fontawesome project, so the css can link to the ones we're hosting (downloaded from https://fontawesome.com/download, specifically https://use.fontawesome.com/releases/v6.4.2/fontawesome-free-6.4.2-web.zip)

This fixes #420

@ctubbsii ctubbsii requested a review from EdColeman May 1, 2024 20:37
@ctubbsii ctubbsii self-assigned this May 1, 2024

ctubbsii commented May 1, 2024

I don't think we should do this, as explained above, but if one really wanted to add the integrity checks back in, it would be something like:

shopt -s globstar   # let ** match nested directories
algo=sha384         # could replace with sha512
# One tag per asset; the SRI value is "<algo>-<base64 of the raw digest>"
for x in css/*/**/*.css; do
  hash=$(<"$x" openssl dgst -binary -"$algo" | openssl base64 -A)
  echo "<link rel=\"stylesheet\" type=\"text/css\" integrity=\"$algo-$hash\" href=\"{{ site.baseurl }}/$x\">"
done
for x in js/*/**/*.js; do
  hash=$(<"$x" openssl dgst -binary -"$algo" | openssl base64 -A)
  echo "<script type=\"text/javascript\" integrity=\"$algo-$hash\" src=\"{{ site.baseurl }}/$x\"></script>"
done

(Note: I'm not sure if the order matters... some resources depend on other resources. So, you might not be able to use this output directly, but may have to re-order things.)
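As an added example that is not part of this PR or the Accumulo site, the following Python script covers both the point made in the PR description (integrity attributes on same-origin assets) and the generator in the comment above: sri_hash() produces the same value as the openssl pipeline, so the two can be cross-checked; integrity_matches() applies the check a browser performs on fetch (multiple tokens, unknown algorithms ignored, strongest algorithm wins); and audit_html() runs that check over a rendered page against the files that would actually be served, which is the only thing a same-origin hash can catch: a page and an asset that got out of sync at deploy time. The asset paths, HTML and file contents are constructed for illustration.

```python
"""Generate and verify Subresource Integrity (SRI) values for self-hosted assets.

Added example, not code from this PR or the Accumulo site.  All paths,
HTML and file contents below are constructed for illustration.
"""
import base64
import hashlib
import re

# Digest algorithms the SRI spec recognises, weakest first.
SRI_ALGOS = ("sha256", "sha384", "sha512")

# Minimal tag/attribute matcher: enough for <link ...> and <script ...>
# written with double-quoted attribute values, as the generator emits them.
TAG_RE = re.compile(r"<(link|script)\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r'([A-Za-z-]+)\s*=\s*"([^"]*)"')


def sri_hash(data: bytes, algo: str = "sha384") -> str:
    """Return an integrity value such as 'sha384-<base64 digest>'.

    Equivalent to: openssl dgst -binary -sha384 FILE | openssl base64 -A
    """
    if algo not in SRI_ALGOS:
        raise ValueError(f"not an SRI algorithm: {algo}")
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def integrity_matches(attr: str, data: bytes) -> bool:
    """Apply the browser's rule to one integrity attribute and fetched bytes.

    Tokens with an unknown algorithm are ignored; of the rest only the
    strongest algorithm is consulted, and the resource passes if any token
    using it matches.  With no usable token at all, browsers load the file.
    """
    parsed = []
    for token in attr.split():
        algo, sep, digest = token.partition("-")
        if sep and algo.lower() in SRI_ALGOS:
            # A trailing '?options' suffix is reserved and ignored.
            parsed.append((algo.lower(), digest.split("?", 1)[0]))
    if not parsed:
        return True
    strongest = max((a for a, _ in parsed), key=SRI_ALGOS.index)
    expected = sri_hash(data, strongest).split("-", 1)[1]
    return any(d == expected for a, d in parsed if a == strongest)


def audit_html(html: str, files: dict, baseurl: str = "") -> dict:
    """Classify every stylesheet/script reference in `html`.

    `files` maps site-relative paths (e.g. 'js/site.js') to the bytes the
    server would hand out; `baseurl` is what Jekyll substitutes for
    {{ site.baseurl }}.  Values: 'ok', 'mismatch', 'missing' (no integrity
    attribute), 'not-found' (no such file) or 'external'.
    """
    report = {}
    for tag, attr_text in TAG_RE.findall(html):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(attr_text)}
        tag = tag.lower()
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower():
            continue  # icons, preloads etc. are out of scope here
        url = attrs.get("href" if tag == "link" else "src")
        if url is None:
            continue  # inline <script> fetches nothing
        if url.startswith(("http://", "https://", "//")):
            report[url] = "external"
            continue
        path = url[len(baseurl):] if baseurl and url.startswith(baseurl) else url
        data = files.get(path.lstrip("/"))
        if data is None:
            report[url] = "not-found"
        elif "integrity" not in attrs:
            report[url] = "missing"
        elif integrity_matches(attrs["integrity"], data):
            report[url] = "ok"
        else:
            report[url] = "mismatch"
    return report


# Constructed sample: three self-hosted files plus a page referencing them.
SAMPLE_FILES = {
    "css/bootstrap/bootstrap.min.css": b"body{margin:0}",
    "js/site.js": b"console.log('site');",
    "js/vendor/lib.min.js": b"!function(){}();",
}
SAMPLE_HTML = (
    '<link rel="stylesheet" type="text/css" integrity="'
    + sri_hash(SAMPLE_FILES["css/bootstrap/bootstrap.min.css"])
    + '" href="/css/bootstrap/bootstrap.min.css">\n'
    # stale hash: the file changed but the page was not regenerated
    '<script type="text/javascript" integrity="sha384-AAAA" src="/js/site.js"></script>\n'
    '<script src="/js/vendor/lib.min.js"></script>\n'
    '<script src="https://cdn.example.invalid/lib.js"></script>\n'
    '<link rel="icon" href="/favicon.ico">\n'
)


def audit_sample() -> dict:
    """Run the audit over the constructed sample page."""
    return audit_html(SAMPLE_HTML, SAMPLE_FILES)


if __name__ == "__main__":
    for url, status in audit_sample().items():
        print(f"{status:9} {url}")
```

Point audit_html() at the generated _site/ output and a dict built from the files under it to check a real build; a 'mismatch' there means the HTML and the asset were produced from different revisions, which is exactly the failure mode that bites once hashes are baked into a template and a library is bumped without regenerating the tags.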


ctubbsii commented May 1, 2024

@EdColeman I had to include the fonts from fontawesome also, so I've pushed an update after your review.

@ctubbsii ctubbsii requested a review from EdColeman May 1, 2024 21:24
@ctubbsii ctubbsii merged commit b58eceb into apache:main May 1, 2024
1 check passed
@ctubbsii ctubbsii deleted the privacy-update branch May 1, 2024 21:39
DomGarguilo (Member) commented

Wasn't there a discussion somewhere else about not using minified resources? Or does that not apply in this case?


ctubbsii commented May 2, 2024

Wasn't there a discussion somewhere else about not using minified resources? Or does that not apply in this case?

That is true for project source code that we release. Minified resources are not considered "open source" software, so we should not distribute them as such. However, for the website, we're just using them as libraries... we're not distributing them as part of our open source software releases.

Successfully merging this pull request may close these issues.

Resolve ASF web-checker issues.