mailcow / mailcow-dockerized-docs

mailcow: dockerized - documentation 📰

Home Page: https://docs.mailcow.email

Missing License

wedi opened this issue · comments

Hi André,
this repo is missing a license. Is this on purpose or just an oversight?

Mailcow's client documentation link (e.g. https://mailcow.github.io/mailcow-dockerized-docs/client/#host=example.com&email=name%40example.com&name=Name&port=443 ) imposes a serious problem as clicking it exposes highly personal data to a third party. I was quite surprised when I clicked that link and saw my private mail address on a GitHub query string. Apart from personal preference, this is most likely a GDPR-relevant problem. Self-hosting would be a solution to this problem.

Looking at mailcow's license the GNU FDL comes to my mind but this article suggests the Creative Commons' CC-BY-SA license might be a better choice.

> imposes a serious problem as clicking it exposes highly personal data to a third party. I was quite surprised when I clicked that link and saw my private mail address on a GitHub query string.

It is not exposed to anyone. This is not a query string, but an anchor. So it is never sent to the web server and only dealt with by the browser. It is accessible to the JavaScript on the documentation page, which runs in your browser and does not send the information anywhere.
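Added example (not part of the thread or of the mailcow project): Node.js code illustrating the point made in the reply above, using the link quoted in the issue. It reconstructs the request line a server would receive and, separately, what page script can read from the fragment; the function names and the query-string variant are constructed for illustration.

```javascript
// Added example; function names are hypothetical, the URL is the one quoted in the issue.
const LINK = "https://mailcow.github.io/mailcow-dockerized-docs/client/" +
  "#host=example.com&email=name%40example.com&name=Name&port=443";

// Constructed contrast: the same data carried in a query string instead of a fragment.
const QUERY_VARIANT = LINK.replace("#", "?");

// Rebuild what an HTTP client puts on the wire for a GET of `link`.
// The request target is path + query; the fragment is never part of it.
function requestSeenByServer(link) {
  const u = new URL(link);
  return {
    host: u.host,
    requestLine: `GET ${u.pathname}${u.search} HTTP/1.1`,
  };
}

// What script on the loaded page can read from location.hash.
function fragmentParams(link) {
  const u = new URL(link);
  return Object.fromEntries(new URLSearchParams(u.hash.slice(1)));
}

// Classify each parameter by where it travels:
// "server" (query string) or "browser-only" (fragment).
function parameterExposure(link) {
  const u = new URL(link);
  const exposure = {};
  for (const [key] of new URLSearchParams(u.search)) {
    exposure[key] = "server";
  }
  for (const [key] of new URLSearchParams(u.hash.slice(1))) {
    if (!(key in exposure)) exposure[key] = "browser-only";
  }
  return exposure;
}

console.log(requestSeenByServer(LINK));          // no e-mail on the request line
console.log(fragmentParams(LINK));               // visible to page script only
console.log(requestSeenByServer(QUERY_VARIANT)); // e-mail lands in the request line
console.log(parameterExposure(QUERY_VARIANT));
```

The fragment stays readable by any script running on the documentation page, which is the residual concern raised later in the thread.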

Ha. Good catch! I missed the hash. 🤗 Still, it is highly personal data running in the scope of a third party website.

I wouldn't call it highly personal. Anyone you email gets that information too.

If you are uncomfortable with it or worried that some day we'll add a nefarious JavaScript that sends that data somewhere else, you could just delete the link from the respective PHP file. But since we decided to separate code and documentation, it seems like a worthwhile tradeoff.

Don't get me wrong, I totally understand the reasoning behind it and I do not believe you as a team are going to add some bad JS.

I just saw the following and am pretty sure that doing it unexpectedly for the user is a legal problem as we have the GDPR in effect:

  1. Name and E-Mail are put into the hands of a third party.
  2. IP gets sent to servers in the US.
  3. Cookies that make it possible to track a user are set without expressed consent.

I wanted to mention it as it should be discussed to prevent someone from mailcow's community getting into trouble. It would be cool to solve it while maintaining the user-friendliness you are achieving with this link.

As a temporary solution I'd like to self-host the documentation. That's why I am asking you, or rather @andryyy as he is mentioned as the copyright owner, to add a license statement to this repo.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
