CHATONS: Gna! presentation

Side note, Enough already is a member of the collective.

1 Like

Draft application:


[candidature] Hostea, Gitea’s paradise

Description

Hostea provides software forge hosting. It is operated by a horizontal collective.

Links


TODO based on the reviewer checklist:

  • [ ] hostea.org is onllne
  • [X] Users have access to the main information about the security policy.
  • [ ] Run mozilla observatory on the hostea.org
  • [X] People who have admin access, volunteers or employees commit to a charter regarding points of confidentiality and caution. (in the application form)
  • [ ] Backup information is listed on the applicant’s website (not just in the application). (in the ToS)
  • [ ] The site indicates where data is hosted (including backups). (in the ToS)
  • [ ] The site indicates the supplier(s)/subcontractor(s) of the future CHATONS (in the ToS)
  • [ ] The site indicates the degree of control the CHATONS has over its infrastructure (in the ToS)
  • [ ] The documentation details the global infrastructure (in the ToS link to enough doc)
  • [ ] The documentation informs about the processes required to deploy each service. (in the ToS link to enough doc)
  • [ ] CHATONS’ recurring procedures are documented (possibly in a private part). Example: how to make backups, statistics, how to create an account, a vps to a new person… (in the ToS link to enough doc)
  • [ ] A document or paragraph describing the security practices and measures to protect the data and infrastructure of the future CHATONS exists. (in the ToS link to enough unattended upgrades playbook)
  • [ ] A document on log retention times exists (in the Privacy section)
  • [ ] The General Terms of Use / GTU are accessible from the future CHATONS’ website. (link to ToS page)
  • [ ] There is a “Personal Data and Privacy” clause clearly stating what is the CHATONS’ policy regarding the practices covered. (link to privacy page)
  • [ ] The future CHATONS undertakes in its TOS[GTU] not to arrogate to itself any ownership rights to the content, data and metadata produced by the hosted or the users.
  • [ ] The GTU allow users to obtain the definitive deletion of any information (accounts and personal data) concerning the hosted, within the limits of legal and technical obligations.
  • [ ] The GTU provides for the possibility for hosted users to leave the services by recovering the associated data in open formats, where possible.
  • [ ] The Legal Notice is accessible from the future CHATONS’ website. (link to legalese link)
    • The name of the publication director (in the case of an organization, the legal name of the legal entity).
    • The name, first name, address and telephone number of the host.
    • If necessary, information regarding intellectual property rights (licensing of publications) and the storage policy of cookies and personal
  • [ ] The site allows all hosted people to communicate with the future CHATONS by highlighting at least one way to do so (support tracker in the ToS)
  • [ ] It is possible to physically meet, exchange, and participate in the future CHATONS. (add Paris address + name)

As much as I’d like for hostea to be part of the CHATONS collective, I have to acknowledge this is a secondary goal that is outside of the task list and that it would require time that I do not have. It is not enough to apply, there needs to be an active participation in the collective for this application to be meaningful.

The next deadline is December 2022 which leaves plenty of time to prepare. It is also possible to participate in the collective even before being a member. The only thing that one is not allowed to do is to claim to be a member.

Now would be a good time to resume the CHATONS application.

@natct & @dachary updated the application

@natct now that Hostea has been renamed Gna!, we should update the application accordingly.

@natct @realaravinth for the record, I updated the Gna! CHATONS application today to add the following:

  • [X] Providers and data localisation. Future CHATONS’ vendor(s)/subcontractor(s) are not inconsistent with the charter. If they are, the information is clearly indicated on the future CHATONS’ website. (the payment provider is incompatible with the CHATON charter Privacy | Gna!: Managed Gitea Hosting)

and added the corresponding section to the website.

We should also add a warning so the user is aware of which payment provider is used and what it means for their cookies / trackers on the page that contains a link to stripe.

1 Like