In an ideal world then I would definitely be pushing for a fully wikimedia hosted online shop. I completely agree with the principles you've raised. But moving in-house would require resources for building and maintaining an ecommerce workflow that I don't think we collectively can justify. The setup and maintenance of any solution would require a degree of people power that I personally think could be spent better elsewhere in the movement as I am sure you would agree.
Throwing together an e-commerce site can be easy. But doing it well, ensuring you are PCI compliant, ensuring its stable, secure etc. etc. and making it user friendly both front and back end. That takes time and money. Even if we did all that we would still in end up using a third party payment gateway. To ensure the shop is viable and not a drain we need to keep it as efficient as possible.
As Marc said Shopify may not be completely FLOSS but many of the frameworks that Shopify use in their hosted service are on available on Github [1] and I would encourage you to take a look.
With regards to the URL, I as a customer would find a top 10 website sending me to a third party URL for their shop highly suspicious and I certainly could treat it with suspicion. Making it clear that it is hosted by shopify I think would at least improve the situation.
Regards
Seddon
On Mon, Mar 21, 2016 at 7:34 PM, Ricordisamoa ricordisamoa@openmailbox.org wrote:
Il 21/03/2016 13:14, Marc A. Pelletier ha scritto:
On 2016-03-21 8:03 AM, Ricordisamoa wrote:
As in [1] I'd like to know whether the use of Shopify is acceptable for
a
FOSS-friendly organization. Thanks in advance.
While Shopify isn't FLOSS-only, they're a fairly okay place that does contribute to FLOSS themselves (mostly in the Ruby and Go worlds, that intersect very little with our own tech).
I don't think it's reasonable to expect that every external supplier is all-FLOSS. For one, the movement would be pretty much stuck without hardware, networking gear, and power at the very least. Not every service/provider even *have* pure-FLOSS alternative - let alone good or
even
adequate ones.
-- Coren / Marc
My concern was about the (likely proprietary) JavaScript that is run on
the
customers' devices, but it turns out that it isn't actually required to browse and purchase?
I very quickly looked, and it appears to be mostly open libraries and Shopify specific code for making purchases. However any amount of tracking could be hidden somewhere in their JavaScript, and an audit today doesnt mean it is safe to use tomorrow, as the source code is not publicly reviewed before being deployed.
And yes, it'd be nice if the server side was under WMF's control too!
IMO it is more important that any service on the "wikimedia.org" domain (and others owned by WMF) is free software.
Outsourcing the service provision is fine, provided the software is free software and the delegated service provider abides by our terms of use and privacy policy.
If we need to run non-free services, that isnt free software or can't comply with our terms of use and privacy policy, it should be hosted on a different domain, preferrably the domain of the service provider so that it is abundantly clear who the transaction is really with.
-- John Vandenberg
_______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe