[GitHub] [incubator-annotator-website] Treora commented on pull request #31: Address Privacy issues

[GitBox <gi...@apache.org>]

Treora commented on PR #31:
URL: https://github.com/apache/incubator-annotator-website/pull/31#issuecomment-1316745969

   Thank you! Indeed the loading of third-party resources should never have happened, I somehow thought that had already been fixed long ago. We could add a CSP in a `<meta>` tag to prevent any accidental data leakage.
   
   When incorporating the third-party files, we should clarify their copyright/licence. Both appear to be MIT-licensed. We can add an SPDX header to the top, but may have to do more to satisfy Apache’s requirements (I see some info [in the FAQ](https://www.apache.org/foundation/license-faq.html#code-developed-elsewhere-received-under-a-category-a-license-incorporated-into-apache-projects-distributed-by-apache-and-licensed-to-downstream-users-under-its-original-license)). Not sure if the website code has other rules than the project code itself.
   
   Could you please commit only the changes made in `src`? (feel free to force-push to the branch) I can then build and publish it as a separate step.
   
   And a tiny suggestion for a next time: making separate commits (or even separate PRs) for the different changes would help reviewing them.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@annotator.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org