On Mon, Mar 21, 2016 at 7:34 PM, Ricordisamoa ricordisamoa@openmailbox.org wrote:
On 21/03/2016 13:14, Marc A. Pelletier wrote:
On 2016-03-21 8:03 AM, Ricordisamoa wrote:
As in [1] I'd like to know whether the use of Shopify is acceptable for a FOSS-friendly organization. Thanks in advance.
While Shopify isn't FLOSS-only, they're a fairly okay place that does contribute to FLOSS themselves (mostly in the Ruby and Go worlds, that intersect very little with our own tech).
I don't think it's reasonable to expect that every external supplier is all-FLOSS. For one, the movement would be pretty much stuck without hardware, networking gear, and power at the very least. Not every service/provider even *has* a pure-FLOSS alternative - let alone good or even adequate ones.
-- Coren / Marc
My concern was about the (likely proprietary) JavaScript that is run on the customers' devices, but it turns out that it isn't actually required to browse and purchase?
I very quickly looked, and it appears to be mostly open libraries and Shopify-specific code for making purchases. However, any amount of tracking could be hidden somewhere in their JavaScript, and an audit today doesn't mean it is safe to use tomorrow, as the source code is not publicly reviewed before being deployed.
And yes, it'd be nice if the server side was under WMF's control too!
IMO it is more important that any service on the "wikimedia.org" domain (and others owned by WMF) is free software.
Outsourcing the service provision is fine, provided the software is free software and the delegated service provider abides by our terms of use and privacy policy.
If we need to run non-free services that aren't free software or can't comply with our terms of use and privacy policy, they should be hosted on a different domain, preferably the domain of the service provider, so that it is abundantly clear who the transaction is really with.