Updated review of GitLab

[Tristan Miller]

Dear all,

A few days ago I received the message below from GitLab.  To summarize,
their managed source hosting service at Gitlab.com will be serving
proprietary JavaScript code that may be used to report "telemetry" to a
third-party service.

I imagine that GitLab will continue to work when this proprietary
JavaScript code is blocked (though I haven't tested this myself).  So
probably GitLab still meets Criterion C0.  However, the fact that
visitors will be tracked and reported to other organizations means that
GitLab now fails Criterion B1.  So Criterion B1 should now be
mentioned in GitLab's list of "Things that prevent GitLab from moving
up to the next grade, B".

Regards,
Tristan


Begin forwarded message:

Date: Wed, 23 Oct 2019 20:45:43 +0000
From: The GitLab Team <address@hidden>
To: <address@hidden>
Subject: Important Updates to our Terms of Service and Telemetry
Services


Dear Tristan Miller,

We have launched important updates to our Terms of Service surrounding
our use of telemetry services. Starting with GitLab 12.4, existing
customers who use our proprietary products (that is, GitLab.com and the
Enterprise Edition of our self-managed offerings) may notice additional
Javascript snippets that will interact with GitLab and/or third-party
SaaS telemetry service (such as Pendo).

For GitLab.com users:  as we roll out this update you will be prompted
to accept our new Terms of Service. Until the new Terms are accepted
access to the web interface and API will be blocked. So, for users who
have integrations with our API this will cause a brief pause in service
via our API until the terms have been accepted by signing in to the web
interface.

For Self-managed users: GitLab Core will continue to be free software
with no changes. If you want to install your own instance of GitLab
without the proprietary software being introduced as a result of this
change, GitLab Community Edition (CE) remains a great option. It is
licensed under the MIT license
(https://en.wikipedia.org/wiki/MIT_License) and will contain no
proprietary software. Many open source software projects use GitLab CE
for their SCM and CI needs. Again, there will be no changes to GitLab
CE.

Key Updates:

- GitLab.com (GitLab’s SaaS offering)and GitLab's proprietary
  Self-Managed packages (Starter, Premium, and Ultimate) will now
  include additional Javascript snippets (both open source and
  proprietary) that will interact with both GitLab and possibly
  third-party SaaS telemetry services (we will be using
  Pendo(https://www.pendo.io)).

- We will disclose all such usage in our privacy policy, as well as
  what we are using the data for. We will also ensure that any
  third-party telemetry service we use will have data protection
  standards at least as strong as GitLab and we will aim for SOC2
  compliance. Pendo is SOC2 compliant.

If you have any questions please contact us at address@hidden


Thank you,

GitLab Team

==============================================
You are receiving this email because you have an active repository on
GitLab.com


-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                  Tristan Miller
Free Software developer, ferret herder, logologist
             https://logological.org/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

pgpEzC8AoGClV.pgp
Description: OpenPGP digital signature