Re: Updated review of GitLab

[Ian Kelling]

Tristan, thanks for bringing this up. They announced that they canceled
those plans, but if they reinstate them, then I agree.

Tristan Miller <address@hidden> writes:

> Dear all,
>
> A few days ago I received the message below from GitLab.  To summarize,
> their managed source hosting service at Gitlab.com will be serving
> proprietary JavaScript code that may be used to report "telemetry" to a
> third-party service.
>
> I imagine that GitLab will continue to work when this proprietary
> JavaScript code is blocked (though I haven't tested this myself).  So
> probably GitLab still meets Criterion C0.  However, the fact that
> visitors will be tracked and reported to other organizations means that
> GitLab now fails Criterion B1.  So Criterion B1 should now be
> mentioned in GitLab's list of "Things that prevent GitLab from moving
> up to the next grade, B".
>
> Regards,
> Tristan
>
>
> Begin forwarded message:
>
> Date: Wed, 23 Oct 2019 20:45:43 +0000
> From: The GitLab Team <address@hidden>
> To: <address@hidden>
> Subject: Important Updates to our Terms of Service and Telemetry
> Services
>
>
> Dear Tristan Miller,
>
> We have launched important updates to our Terms of Service surrounding
> our use of telemetry services. Starting with GitLab 12.4, existing
> customers who use our proprietary products (that is, GitLab.com and the
> Enterprise Edition of our self-managed offerings) may notice additional
> Javascript snippets that will interact with GitLab and/or third-party
> SaaS telemetry service (such as Pendo).
>
> For GitLab.com users:  as we roll out this update you will be prompted
> to accept our new Terms of Service. Until the new Terms are accepted
> access to the web interface and API will be blocked. So, for users who
> have integrations with our API this will cause a brief pause in service
> via our API until the terms have been accepted by signing in to the web
> interface.
>
> For Self-managed users: GitLab Core will continue to be free software
> with no changes. If you want to install your own instance of GitLab
> without the proprietary software being introduced as a result of this
> change, GitLab Community Edition (CE) remains a great option. It is
> licensed under the MIT license
> (https://en.wikipedia.org/wiki/MIT_License) and will contain no
> proprietary software. Many open source software projects use GitLab CE
> for their SCM and CI needs. Again, there will be no changes to GitLab
> CE.
>
> Key Updates:
>
> - GitLab.com (GitLab’s SaaS offering)and GitLab's proprietary
>   Self-Managed packages (Starter, Premium, and Ultimate) will now
>   include additional Javascript snippets (both open source and
>   proprietary) that will interact with both GitLab and possibly
>   third-party SaaS telemetry services (we will be using
>   Pendo(https://www.pendo.io)).
>
> - We will disclose all such usage in our privacy policy, as well as
>   what we are using the data for. We will also ensure that any
>   third-party telemetry service we use will have data protection
>   standards at least as strong as GitLab and we will aim for SOC2
>   compliance. Pendo is SOC2 compliant.
>
> If you have any questions please contact us at address@hidden
>
>
> Thank you,
>
> GitLab Team
>
> ==============================================
> You are receiving this email because you have an active repository on
> GitLab.com