Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.off-topic : whither POV-Ray ?? : Re: whither POV-Ray ?? Server Time
25 Jun 2024 21:27:34 EDT (-0400)
  Re: whither POV-Ray ??  
From: Jim Henderson
Date: 27 Jul 2020 12:29:19
Message: <5f1f00df$1@news.povray.org>
 
On Mon, 27 Jul 2020 08:48:07 +0200, Thorsten wrote:

> On 26.07.2020 22:30, Jim Henderson wrote:
>> Given the international nature of the community, GDPR may also be a
>> consideration.  That's one of the big challenges these days with data
>> protection laws.
> 
> Ah, I have to deal with this every day in my day job. It isn't all that
> bad unless you want to milk the users for their data. There is exactly
> one thing missing for the user registration on povray.org and that is a
> way for the user to delete the account created. The reason is that the
> personal email address is considered private data and it is required to
> register because an email gets sent to it.

Yeah, the company I work for deals with it a lot as well, as well as 
another open source community that I participate in.

There are also other local regulations that come into play, like the 
California Consumer Privacy Act (CCPA).  With a lot of those laws, it 
doesn't matter if you are located there - if you have users/customers in 
those places, you're expected to follow the laws.

It's becoming a bit of a mess for small operators as a result.

> The other bigger issue of the website is, and I am sure Chris will
> address it once time allows, that it doesn't use HTTPS for the user data
> changes. Of course, nothing is gained by encryption given emails are
> public anyway, but still these days with browser vendors aggressively
> pushing encryption for marketing reasons, povray.org has little chance
> to escape this trend on the www site.

Yes, though there are ways of dealing with that now that are easier than 
they used to be - if anything, a 90-day LetsEncrypt certificate with an 
automated update is pretty easy to manage.

I run a couple of private sites that use authentication (my employer is 
in that business, so I play with the software in order to understand it 
better for my day job), and I use LE certificates for that, and have 
scripted the key pair rotation.

The certbot ACME client is pretty easy to use, and it does plug in with 
popular web servers pretty seamlessly.
-- 
"I learned long ago, never to wrestle with a pig. You get dirty, and 
besides, the pig likes it." - George Bernard Shaw


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.