UPDATE:
Terms of Service are now finalized and located at https://www.drupal.org/terms.
Privacy Policy is now finalized and located at https://www.drupal.org/privacy


Almost half a year ago, with the help of the Drupal.org Content Working Group and lawyers, the Drupal Association started working on a Drupal.org Terms of Service (ToS) and Privacy Policy. After a number of drafts and rewrites, we are now ready to introduce both documents to Drupal.org users.

Why do we need a ToS?

Drupal.org has grown organically for many years. Currently the site has thousands of active users that generate lots of content every day. Our current Terms of Service are limited to a short line on the account creation form:

“Please note: All user accounts are for individuals. Accounts created for more than one user or those using anonymous mail services will be blocked when discovered.”

This line is an insufficient ToS for a website of our size. In fact, Drupal.org is probably the only website of this size which operates without a published Terms of Service. This situation is uncomfortable, and even dangerous, for both Drupal community and the Drupal Association, which is legally responsible for Drupal.org and its contents.

In the absence of a ToS, a lot of rules—“do’s and don’ts”—regarding the website are just “common knowledge” of users who have a long memory and accounts created in the early days of Drupal.org. This might result in new users making mistakes and misbehaving only because they do not know what the unwritten rules are. Website moderators often lack guidance on how to react in specific situations, because those policies are not written anywhere. Some policies, such as organization accounts policy or account deletion policy still need to be defined. Lastly, absence of clearly defined Terms of Service and Privacy Policy could lead to legal disputes regarding the site.

What’s next?

The new Drupal.org Terms of Service and Privacy Policy are published now for the community review. We'll continue refining them based on community feedback and announce the 'official' implementation day additionally. On that day all existing users will have to accept these ToS and Privacy Policy to continue using the website. All new users starting on that day will have to accept the ToS and Privacy Policy upon account creation.

Click to review Drupal.org Terms of Service

Click to review Drupal.org Privacy Policy

In the future, we will make sure to keep ToS and Privacy Policy up-to-date and update them every time policies or functionality of the website changes. We will proactively notify users of all modifications to both documents.

Thanks

We’d like to say thanks to the Drupal.org Content Working Group members and community members who already reviewed proposed documents and provided us with their valuable feedback.


UPDATE: Edits to the original drafts were made on 21st of August, 2014, based on feedback in comments to this post.

UPDATE #2 (03.09.2014): We are postponing ToS/PP official launch and will come back with an updated draft shortly.

Comments

dstol’s picture

Is there an issue queue where the community can comment on these documents?

tvn’s picture

You can comment right here.

pwolanin’s picture

I think this draft ToS is absurdly long and complex - it's about as friendly and accessible as a Microsoft EULA. The entire section F makes me a bit ill.

Overall, it needs to be cut to about 2 pages and kill the excessive legal boilerplate that comes across as user-hostile instead of community-enhancing.

Most of the bullets at the end of section B should go - condense them to about 3.

A ToS requirement to post in English seems misguided.

Minor, but this seems poorly worded and copy/pasted from someplace else:

The Website is operated by Drupal Association ("Company", "we" or "us")

should be more like:

The Website is operated by the Drupal Association ("Association", "we" or "us")

I would also suggest all references to "Company" be replaced by "Association"

---
Work: Acquia

catch’s picture

Pretty sure I've posted in (bad) Japanese at least once on Drupal.org.

gdemet’s picture

I agree that some of the legalese is pretty inaccessible, and one option that we discussed in the Content Working Group is having a plain language "translation" of some of the more complex sections. Is this something that would help mitigate some of your concerns?

pwolanin’s picture

No, please make the actual policy concise and plain language. Who is this for? lawyers or our community?

---
Work: Acquia

lvthunder’s picture

It's for the lawyers of course. They said in the post they were worried about legal action. Nowhere did it say the community was out of control.

Brian Altenhofel’s picture

Plain language is inherently unclear.

HowTheMarketWorks’s picture

I agree that the ToS is absurdly long and complex. However, I'm guessing it's all about protecting themselves. I am wondering if they actually care if anyone is reading/understanding it?

Are you new to the stock market? Play the stock game at Howthemarketworks.com

MARShot’s picture

That is a good point. It seems ridiculous that you have to read the ToS and the ToCs but you know 90% of people don't understand what the heck it is saying.

I am a proud professional that you can trust with your smog check Murrieta at murrieta-auto-repair.com.

tvn’s picture

I would also suggest all references to "Company" be replaced by "Association"

Good point, thanks. Will replace.

Jeff Burnz’s picture

In general, yes, I agree with your points.

dstol’s picture

After a quick reading..

From the ToS:

General comments:

While I appreciate there was, at least, some effort to make it simpler, there are many places that make my native english, well-educated head spin with legalese. Imagine a non-native speaker reading this; it needs to be simplified and boiled down. See http://500px.com/terms for a great example of boiled down.

There are some things here that make me worried: Binding 3rd party arbitration, no active notification of users of policy changes outside of a posted node. If you look at https://tosdr.org/classification.html, we are probably in the B-D range. It'd would be nice if we were an A.

You will not impersonate or attempt to impersonate the Drupal Association or a Drupal Association employee, another user, or person or entity (including, without limitation, the use of email addresses or screen names associated with any of the foregoing);

  • The security team regularly impersonates "another user, or person or entity" but I would imagine there are other teams that do things as other users from time to time.

You may link to the Website, provided you do so in a way that is fair and legal and does not suggest any form of association, approval or endorsement on our part where none exists. The Website must not be framed on any other site. You agree to cooperate with us in causing any unauthorized framing or linking immediately to cease. We reserve the right to withdraw linking permission without notice.

  • Some folks are associated, core committers, infrastructure members, security team, etc. Does this mean I can't link to d.o as David Stoline, Drupal security team member?
  • "We reserve the right to withdraw linking permission without notice" is funny.

From the Privacy Policy:

General comments:
No mention of historical data being used, stored, and processed, say I change my name, company, or gender, etc.

Information from Other Sources. We may collect information about you from other third party or public sources, such as from public forums, social networks (i.e., Facebook, LinkedIn, Twitter, or others), blogs, other users, or our business partners.

  • Absolutely not. How do I opt out?

We cannot delete your personal information except by also deleting your account.

  • I understand that we might not be able to control what 3rd parties do, but say profile information or other items in our control should be removable.
catch’s picture

Some folks are associated, core committers, infrastructure members, security team, etc. Does this mean I can't link to d.o as David Stoline, Drupal security team member?

Core committers don't have any formal association with the DA at all, so I'd assume not.

drupalshrek’s picture

I think the http://500px.com/terms are a good way of keeping the lawyers happy and the 99% rest of us who just want the general idea.

drupalshrek
Please fill in my Learning a foreign language questionnaire if you have a moment.

gdemet’s picture

Yep, the 500px approach is exactly what we were thinking of.

Mile23’s picture

Legalese is there for a reason. It's like coding standards. When you add a 'Basically...' column, you are making a second set of promises which are only tangentially related to the 'real' promises.

For instance if you look at 500px' 'User Conduct' section, it lists a bunch of things that a user shouldn't do. Then at the very bottom it says '500px reserves the right, but has no obligation, to monitor disputes between you and other users.' This is not mentioned in the 'basically...' synopsis, however. So which is wrong?

Is it better to leave that out of the synopsis? It'd be hard to add it, by saying something like, "We reserve the right to take sides with other users against you." That doesn't seem very nice. So it's omitted. Is that shady? You be the judge. :-)

tvn’s picture

No active notification of users of policy changes outside of a posted node.

We were definitely planning to have active notification - an email to website users in addition to blog post, Twitter, etc. Will clarify this in the ToS text. Thanks for notice.

nerdcore’s picture

Whenever a web site updates its ToS, it should be accompanied by active notification to its user (via email presumeably) with a reasonable grace period. It's absolutely no fair to say "as of NOW, our ToS has changed" and then expect people to loginn and continue using the service.

If there are material changes to the ToS, and if my use of the site constitutes acceptance (all too common), then I should be given notification with a chance to login and delete my content before the updates are imposed. I would suggest at least 72 hours notification when material changes to the ToS are to take place.

nerdcore’s picture

We may update or amend this Privacy Policy at any time. This Privacy Policy will reflect the date it was last updated or amended. If we make any material amendments, we will notify you by posting a notice of such amendments on this Website. All amendments will take effect immediately upon our posting of the updated Privacy Policy on this Website. Your continued use of this Website will indicate your acceptance of the changes to the Privacy Policy.

(emphasis mine)

so if I do not agree to the amendments, what recourse do I have to remove my account? Removal of my account would require accessing the Website, and thereby accepting the policy I disagree with. This makes no sense. How do I remove my account (and associated PII) without accepting the amended Policy?

tvn’s picture

Thanks for your comments. I clarified the text around notifications. We will send an email to all user accounts in case of material changes to both ToS and Privacy policy. We will send it 72 hours prior to changes going into effect.

jpwarren00’s picture

I think you've made a very important point about language. This TOS should definitely have a transitional project spun up to ensure everyone understands this explicit contract.

nerdcore’s picture

The content you publish will not promote sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.

This is HILARIOUS. Clearly written by lawyers who do not understand the world wide web. If you do not notify me, I cannot be expected to remove a link, and AFAIK "linking permission" is not a thing. I'll link whatever I damned well please on my site. Full Stop.

tvn’s picture

I removed 'without notice' part. Of course, everyone can link to whatever site they want on the web. The specific usecase we are covering here is, for example, if someone writes on their website "Drupal Association says we are the best Drupal hosting available" linking to us, we will ask them to remove the text and link.

tvn’s picture

The security team regularly impersonates "another user, or person or entity" but I would imagine there are other teams that do things as other users from time to time.

Not really, that would mean change someone's password and log in to their user account. Or create user account using someone elses name, bio, picture etc. Security team and development teams are not doing that.

Some folks are associated, core committers, infrastructure members, security team, etc. Does this mean I can't link to d.o as David Stoline, Drupal security team member?

You can link, as long as you don't say there is association or endorsement which does not exist. E.g. if you link and say "I am a board member of this association" when you aren't. Or "Association says we are the best Drupal services company in the world", when we don't.

No mention of historical data being used, stored, and processed, say I change my name, company, or gender, etc.

I added the link to Privacy policy to say that we store all the data in our backups for 2 weeks. So if you removed something from your user profile, this data will be completely gone in 2 weeks.

Information from Other Sources.

Removed this paragraph.

but say profile information or other items in our control should be removable.

And they are removable by users themselves.

pwolanin’s picture

The privacy policy is also so long as to be un-parseable except by a legal team.

It's very wordy and has a lot of duplicate text. This should also be cut to about 1.5 pages if it's going to be meaningfully understood to by any human.

---
Work: Acquia

hass’s picture

...to protect data in real. Here we have a lot stronger protection of personal data than in the US where the government grab anything they can spy. Also move the company home to DE to be no longer under patriot act force and to protect data. Everything else is useless and you could also put all the data to the public as NSA can request anything from you including passwords.

aj045’s picture

It's also extraordinarily costly to run a business in Germany (and Europe in general) when compared to the US. Even worse for non-profits. Not saying you're wrong about the issue of data privacy, but the decision on where to headquarter a business is a bit more complex.

lvthunder’s picture

What data does drupal.org have that you are worried about the government getting a hold of? As far as I know everything except your password is public anyways.

Mile23’s picture

Connection logs. Your IP. Your location. Your SSH key.

Brian Altenhofel’s picture

They only have a public key, and even then you should really be using unique keypairs per application.

greggles’s picture

Clarification: Your public ssh key.

--
CARD.com :)

hass’s picture

Don't forget d.o SSL certificate private keys, email addresses, emails send via contact form, etc.

Any maybe d.o collects other information in future.

joshtaylor’s picture

Considering that your public key is well... public ... does it really matter if it is out there?

Even github shows everyones public keys publicly.

greggles’s picture

I suggest sorting items by relevance. For example, items A.6 and A.7 should be at the top while A.1 and A.2 can be at the bottom.

--
CARD.com :)

tvn’s picture

Thanks, greggles, I moved the items you mentioned up.

dddave’s picture

If there is no important legal reason, "Company" as synonym for the DA has to go.
Wordings like this make this look very anti-user. Be aware that "binding arbitration" is seen but many (esp. consumer associations) as a very anti-user provision. I understand why it is there but for people who care about ToS it looks blergh (that said, I doubt most people will care).
Are these caps-lock segments really necessary?

Information from Other Sources. We may collect information about you from other third party or public sources, such as from public forums, social networks (i.e., Facebook, LinkedIn, Twitter, or others), blogs, other users, or our business partners.

I think this needs a bit more discussion. What? Why? Provide an opt-out.

The "Visiting the website from outside of the US"-segment made me smirk. Nice way to put it.

tvn’s picture

Are these caps-lock segments really necessary?

Sadly yes :( I did ask specifically for them not being caps, seems we have to keep them.

jbrauer’s picture

Sadly yes :( I did ask specifically for them not being caps, seems we have to keep them.

That being the case could we get an explanation of why that is? Normally this is done for no reason other than to make things look intimidating. Does it change the meaning of the words? Are these sections somehow more the terms of service than others? Can they possibly have special meaning if that special meaning isn't also explained in the document?

There are potentially both accessibility and issues for people who are not primarily English speakers with using this improperly formatted text. For example WCAG 2.0 draft contains the idea that "care in the use of all-capital letters where normal sentence case might increase comprehension".

From a quick read of a few sources like this it seems there are other means of accomplishing a requirement that certain clauses be conspicuous if that is the underlying reasoning.

tvn’s picture

Make things look intimidating is definitely not our motivation. Indeed, having that specific text be conspicuous is the main reason. While I personally don't like CAPs, similar to our community, legal community has own standards or established ways of doing certain things. Sadly CAPS is an established practice within legal community for conspicuous text requirement. Therefore, we really have to keep it. We did add a short line to explain why we have it. I hope it will look less intimidating now.

jbrauer’s picture

I've thought a great deal about this and was going to just walk away but this particular point is indicative of much of what has gone awry in this process.

A few points:

  • Screen readers (I tested with Voice Over) do not give the user any indication that text is "all caps" or in any other way designed to be 'conspicuous'. The can, however note markup that is designed to make text conspicuous.
  • The text that was added incorrectly states that the lawyers made us do something. Lawyers can not make any organization do anything. Lawyers can give bad advice. They can give good advice. They can be wrong. They can be right. They cannot make anyone do anything. It is the duty of the recipient of the advice to make a choice about how to act on the advice. A more accurate statement would be that they recommended it and we, as a community, didn't do enough to make it right — that we considered that advice more important than our users, our community.
  • Lest it seem all this is just conjecture the 9th Circuit court (among many others) addressed this over a decade ago:
    “Lawyers who think their caps lock keys are instant "make conspicuous" buttons are deluded. [...] A sentence in capitals, buried deep within a long paragraph in capitals will probably not be deemed conspicuous. Formatting does matter, but conspicuousness ultimately turns on the likelihood that a reasonable person would actually see a term in an agreement. Thus, it is entirely possible for text to be conspicuous without being in capitals.”

The issue here is more than following advice that courts have already called deluded. It is indicative of this whole document, the process. I've read it several times and nowhere does it give me any impression of the Drupal community, or even the drupal.org websites being anything remotely like what I've experienced over more than a decade. Sections differentiate some members of our community for branding with a special sub-class requiring parental consent yet, COPPA, the apparent genesis of such language, explicitly does not apply to nonprofits.

For a document more than 6-months in the making to be sprung on the community and only very minor edits made in a four week period where the whole of the community is then told to take or leave it is very un-Drupal. These documents are alienating and exclusive. The Drupal community is collaborative and inclusive. A small group of well-meaning and great-hearted people working in seclusion with a cadre of lawyers cannot produce the same caliber of document as a community working together. For this community member the leap from the content working group's charter to drafting these documents is a pretty big leap. Further the group has posted no meeting minutes since April, notably in April 2014 minutes the group was discussing translating pages on the site, which would now be banned by this ToS.

Can an alienating and exclusionary ToS really be a good thing for Drupal? Where is the transparency in this process? Even with the many comments here such a tiny fraction of our community has been engaged on this discussion to make such a sweeping change. What should happen? The process should start with a community discussion aligning our goals, what is important for our ToS? What values must it include? How do we reflect the inclusive and collaborative theme of the Drupal Code of Conduct (in outline form) in a document guiding our central online "home". With this guidance in hand a small group should then work with legal counsel, association staff etc on setting forth a draft that reflects our community values.

tvn’s picture

I updated both documents to replace all occurrences of 'Company' with 'Association'.

Information from Other Sources. We may collect information about you from other third party or public sources, such as from public forums, social networks (i.e., Facebook, LinkedIn, Twitter, or others), blogs, other users, or our business partners.

Since we don't actually collect or store any information about anyone, which can be found on other public sources, nor do we plan to, I removed this paragraph completely.

mpdonadio’s picture

The ToS is missing information on how to contact someone for questions concerning the ToS, reporting ToS violations, etc.

tvn’s picture

Good catch. Thank you!
We have contact information in Privacy policy doc only. Will copy to ToS.

tvn’s picture

Added contact information to ToS.

Darren Oh’s picture

I fail to see the point of much of section B.5. The point of a TOS is to define the conditions of legal use. If we try to specify illegal uses, there is no way to be sure we have provided a complete list. I suggest that we simply specify the legal jurisdiction we are operating under. Unlawful uses of a site are prohibited by definition. Even if we said an illegal use was allowed, it would still be prohibited.

stevepurkiss’s picture

Hi,

Thanks for all the effort that has gone into this. The only thing that stands out to me is the procedure for changes - it says a notice will be displayed on the website and continued use of the website means acceptance of these changes. I think it should be changed to require acceptance of these changes via an 'I accept' button like most other places do. If this is going to be the case then it's not clear within the current documents.

I also agree the general tone of the documents is quite technical & terse, I understand of course the reasons for that and love the example shown from http://500px.com/terms

Steve

tvn’s picture

Thanks, Steve. We'll clarify the wording around changes procedure.

tvn’s picture

I clarified the wording around change notifications. We will send an email prior to any material changes taking place.

gisle’s picture

[B.3] All code on Drupal.org is licensed under the GNU General Public License. See Licensing FAQs [https://drupal.org/licensing/faq] for more information on legal uses of Drupal.org content.

This overlaps with B.4 (which says that users need to comply with the Drupal Git Repository Usage policy), but as it currently stands, it is not even accurate. Not all code on Drupal.org is currently licensed under the GNU General Public License, see #2175005: [META] Changes are required before it will be safe to assume code from Drupal.org's git repo is really GPLv2+ or GPLv2 compatible.

The current reality is much more complex than "all code on Drupal.org is licensed under GPL". Even if the disregard the number of blatant violations of this policy that is deliberately ignored (e.g. jQuery update), we have an official whitelisting that permits non-GPL licenses that we consider compatible with GPL, so it should say: "All code on Drupal.org is licensed under the GNU General Public License or some license considered compatible with GPL".

However, there also exists non-code assets (mentioned in the Drupal Git Repository Usage policy but omitted from B.3), so to be complete, it should also mention non-code assets.

I think it will be very difficult to mirror all aspects of something as complex as Drupal Git Repository Usage policy in the ToS. Instead of presenting an inaccurate and incomplete version of it, we should just point to the Drupal Git Repository Usage policy.

In other words, I suggest that B.3 is deleted (since it is just an inaccurate version of B.4), and that the reference to the licensing FAQ is instead included in B.4. I think also B.4 can be made less oblique. In the ToS draft, it says:

[B.4] To be able to use the Drupal.org version control system you will have to accept Git access agreement and agree to Drupal Git Repository Usage policy.

While not false, this is rather oblique. What users want to do, is not "to be able to use the Drupal.org version control system", but to push to a git repo (i.e. a project or sandbox) hosted on Drupal.org. So why do we not say so. My suggestion for a revised B.4:

To upload materials to a Git repository hosted on Drupal.org, you must accept the Git access agreement and agree to the Drupal Git Repository Usage policy [https://www.drupal.org/node/1001544 ]. See the Licensing FAQs [https://drupal.org/licensing/faq ] for more information on legal uses of Drupal.org content.

- gisle

tvn’s picture

Thank you for your comments. I updated the first sentence you quoted to say "GNU General Public License version 2 or compatible".

The second sentence you quoted I updated to say “In order to host code in Drupal.org’s version control system, you will have to accept Git access agreement and agree to Drupal Git Repository Usage policy."

rhouse’s picture

F1 is somewhat nuts because you have no legal right to stop anyone linking to your website. That's just free speech: "Hey, I found a good article on drupal.org..." Not sure about framing, but I suspect you'd lose that one too.

tvn’s picture

Of course, we are not trying to stop anyone from linking to our site. We are covering one specific case, when people link to us and state that there is some sort of approval or endorsement from us, when it is not true. In such cases, we will ask people to remove links from their site.

gisle’s picture

As it stands, the ToS is clearly written for lawyers, not for people. It is quite obvious that language is not in any way phrased to educate users of the Drupal.org site about what behaviour is reasonable, but instead to protect the DA from litigation and to remove any rights the users and the community may have under civil law.

It is suggested above that it is translated into “plain language” to make it less obnoxious, with several pointing to the 500px.com “basically” translation as the way to go about this.

Actually, as already pointed out by Mile23, the 500px “translation” is deceptive. The not-so-nice clauses in their ToS are simply left out from their “basically” version.

However, for those who think it can be improved by using plain English, here is an attempt to translate some of the terms of the Drupal.org ToS from legalese into “people-readable” text:

[Preamble] If we make any material changes to these Terms of Service, we will notify you by posting a notice on the Website before the changes are effective.

We can post a footnote somewhere on Drupal.org saying that if you continue to use the site, you pledge your first-born to become a slave for the Drupal Association, and there is nothing you can do about it if you fail to spot this before it is too late for it to have legal effect.

[A.5] We have the right to disable any username or password at any time in our sole discretion for any or no reason,

If we want to, we can kick you out, and thereby disassociate [see E.2] you from all the work and knowledge you've contributed for free. There is no recourse and you have no right of appeal.

[B.5] The content you publish will not contain any material which is defamatory, obscene, indecent, abusive, offensive, harassing, violent, hateful, inflammatory or otherwise objectionable.

If we think something you say is “otherwise objectionable”, we can censor you at our discretion.

[C.3] You waive and hold harmless the Company from any claims resulting from any action taken by the Company during or as a result of investigations by either the Company or law enforcement authorities.

You waive all civil rights when you use the site.

[C.4] Accordingly, we assume no liability for any action or inaction regarding transmissions, communications or content provided for the Website by any user or third party.

You really waive all civil rights when you use the site.

[D.1] By using the Website, you consent to all actions taken by us with respect to your information in compliance with the Privacy Policy.

You really, really waive all civil rights when you use the site.

[E.2] Public content you created, such as issues, forum posts, projects, documentation page revisions, etc. won’t be deleted. All this content will be attributed to ‘Anonymous’ user.

If you, or we [see A.5], cancel your account, all moral rights associated with public content you created is automatically voided. We reserve up-front the right to ignore the attribution clause of the Creative Commons BY-SA 2.0 license we use for user contributed content as per B.2 when an account is cancelled.

[F.1] We reserve the right to withdraw linking permission without notice.

We have hired real lawyers to help us write this.

[F.4] Limitation on Liability. IN NO EVENT WILL THE COMPANY, ITS AFFILIATES OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, THE WEBSITE, ANY WEBSITES LINKED TO IT, ANY CONTENT ON THE WEBSITE OR SUCH OTHER WEBSITES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR SUCH OTHER WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT OR OTHERWISE, EVEN IF FORESEEABLE. THE FOREGOING DOES NOT AFFECT ANY LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

We’re shouting, just want to make sure that you really understand that you have no rights whatsoever under civil law when you use this site. So don't even think about it.

[F.5] Arbitration. All disputes (whether in contract, tort or otherwise, whether statutory, common law or equitable and whether pre-existing, present or future) against the Company, its agents, employees, affiliates, successors and assigns (collectively, the "Company Affiliates"), relating to these Terms or any aspect of the Website will be resolved by binding arbitration administered by the Arbitration Service of Portland, Inc. ("ASP") under its arbitration rules then in effect.

Just to make sure you get the message: You really give up all your rights under civil law when you use this site. Whatever happens, if you've ever used Drupal.org, you have absolutely no right to take the Drupal Association to court over anything, even if they've stolen your money and soiled your good name and reputation as a developer.

Conclusion

It may be that the Drupal Association feels it needs to have its posterior covered by having a ToS like this. And to be fair: The proposed Drupal.org ToS is probably not significantly different from, or more obnoxious than, the ToSes used by 90 % of information society services providers. Anyone who’s watched Cullen Hoback’s excellent documentary Terms and Conditions May Apply know full-well that the main purpose of most ToSes is to strip users of rights.

However, if you try to rate the proposed terms of the ToS using the guidelines of tosdr.org, I am afraid they'll end up rather low on the scale. I had hoped that “our” association would be do better, but it I do not think it is just a matter of legalese vs. “people-readable”. It really boils down to what the DA want to do: Educate people about acceptable use, or deploy a legal instrument to protect the Drupal Association from the Drupal.org site's users. The proposed policies are clearly intended to accomplish the latter, on expense of the former. Since this looks like a conscious decision on part of the DA, I don’t see it easily reversed. We shall probably have to live with that if we want to continue to use the site.

- gisle

dddave’s picture

In the absence of a ToS, a lot of rules—“do’s and don’ts”—regarding the website are just “common knowledge” of users who have a long memory and accounts created in the early days of Drupal.org.

We should really not pretend that this is the reason for the ToS (as Gisle pointed already out: that is not what ToS are for.)

tvn’s picture

This is indeed one of the reasons. Funnily enough, for example, there is no page on the website right now which tells users that spam or advertising in comments is forbidden. There is one page specifically for Hosting forum, but not for anything else.

qcsquality’s picture

Why cant we just get rid of the legalese and write in clear laymen terms? I guess lawyers have to make a living too!

Xano’s picture

By using this Website, you represent and warrant that you are 13 years old or older. Children under 13 can create an account only with prior verifiable parental consent.

This is contradictory (using the website and creating an account are not necessarily the same things) and had this condition been in effect in the past, notable young contributors such as Gaelan and dmitrig01 would never have been able to discover Drupal in the first place.

To access the Website or some of the resources it offers, you will need to create an account and provide your email address, a username, and a password.

No, you don't. One can perfectly access most content and resources without an account and I would never have it otherwise.

... or by telephoning ASP at 503-226-3109 or 1-800-423-1216.

If I dial those numbers on my phone, I am sure that I will not reach ASP or any other destination in the USA. Please make sure all such data is formatted according international standards. This means addresses must include a country, phone numbers must have country codes, and dates must be not be written in any decimal notation, as those can be confusing (2014/09/07, 07/09/2014, and 09/07/2014 can all be the same dates, or they can be two different ones).

All code on Drupal.org is licensed under the GNU General Public License.

We may want to specify that this is the GPLv2 and not any other version of the GPL.

tvn’s picture

Thank you for your comments, Xano. I updated all of the sentences you quoted. I also updated all of the phone numbers and addresses in both documents. Let me know if there is any that I missed.

alex_drupal_dev’s picture

I actually enjoyed reading the terms of service. Thank you for not making it 900 pages long like some people do. It seems like a nice straightforward TOS. :) Thumbs Up.

CEO & Drupal Site Architect, Brainbender.

Check out my distro watch podcast here.
http://alexanderleesilva.com/drupal-distro-watch-podcast

giorgio79’s picture

Why not use the WP creative commons privacy policy
https://wordpress.org/about/privacy/
Open source is about sharing, not reinventing the wheel.

Or just use this :) https://www.drupal.org/project/legal_gen

tvn’s picture

Thank you!

barraponto’s picture

ShareAlike means our content can't go into Wikipedia, nor any other project that uses CC-BY =/

And although I'd love everyone to give back to the commons, I don't see the Drupal Association going after CC-BY-SA license abusers. If the DA won't enforce the ShareAlike portion of the license, then the Terms of Service are misleading when it says my content is licensed under CC-BY-SA.

Capi Etheriel
Web Stategist, Developer, Designer and Scraper
Hacker Transparency Movement
http://barraponto.blog.br http://zerp.ly/barraponto

greggles’s picture

It's been licensed this way for years if not over a decade. I don't think we should use this process to discuss whether we're OK with this specific license.

If we change the license in the future then we could address that by updating the TOS, something the TOS provides for and which was not previously possible.

--
CARD.com :)

tvn’s picture

Indeed, what greggles said.

Jeff Burnz’s picture

The Website is operated by Drupal Association ("Company", "we" or "us")

I was not aware the DA was a company, is this correct?

IF YOU DO NOT AGREE TO THESE TERMS OF SERVICE OR TO THE PRIVACY POLICY, YOU MUST EXIT THE WEBSITE.

This is worrying IMO - the DA says (via the TOS) that they can change the TOS, so if we disagree with the TOS, what recourse do we have, we are told in no uncertain terms to leave?

jbrauer’s picture

With a literal read that would also preclude deleting one's account before exiting the site.

tvn’s picture

Thanks for your comment, Jeff. I updated both documents to replace all occurrences of 'Company' with 'Association'.

The second part is pretty standard, if you do not accept the ToS, you are not supposed to use the Website. For any material changes to the ToS we will send an email prior to them being active, so that users had time to review.

Charles Belov’s picture

When trying to access the ToS and privacy policy, I see the top portion of the first page of each. But when I click it so I can scroll, I get a message:

File unavailable
Sorry, there's a problem with this file. Please reload.

If this keeps happening, you can report the error.

However, I can apparently use the scrollbar, as well as copy and paste.

Note that if you copy and paste the entire document into Word, you can select the all-caps paragraphs and set them to sentence case, as well as change it to a readable font size.

Charles Belov
SFMTA Webmaster
http://www.sfmta.com/

Xano’s picture

You can also just copy the file within Google Drive, if you are logged in with a Google account.

tvn’s picture

Sorry for the errors. Both docs work fine for me at the moment.

C_Logemann’s picture

I think users should always be humans especially for responsibility issues so I disagree with allowing shared accounts. But if we want to allow them I think they should not be allowed for owning project nodes. Additionally they should be flagged (maybe not changeable by the „user“ ) as suggested in Infrastructure to support organization accounts. And we need extra processes to handle such accounts in communication, responsibility, legal stuff etc.

I have added my extended comment to related Issue: "Create Basis for ToS to allow organizations to share accounts".

--
There is a module for that!
My company: paratio.com e.K.

tvn’s picture

Owning project nodes was something organizations really asked for, to ensure they can keep relations to the page even when their staff members change. We did agree on them owning project nodes with the caveat that every other activity, such as committing code, creating releases, etc. can be performed *only* by individual user accounts.

C_Logemann’s picture

I understand why organizations want an easy way to handle changing of staff. But owning a project node is combined with maintainer permissions on a project and this should only be held by humans in my opinion. To handle elementar maintaining decisions inside of external organizations with shared accounts is against transparency. Please read my arguments in my extended comment on related issue.

--
There is a module for that!
My company: paratio.com e.K.

nod_’s picture

Something I haven't seen discussed, from dstol post up there:

Information from Other Sources. We may collect information about you from other third party or public sources, such as from public forums, social networks (i.e., Facebook, LinkedIn, Twitter, or others), blogs, other users, or our business partners.

Absolutely not. How do I opt out?

I'm worried about this too. Also, it's really fuzzy.

  1. "Third party": facebook app? What do you mean by that?
  2. Is it automated?
  3. What kind of information does d.o/DA wants or "needs"?
  4. What does it covers exactly?
  5. Can we control this and/or have access to "collected" info?
  6. Do we have the ability to delete the "collected" info without having to delete the user?
tvn’s picture

Thanks for your comment. Since we don't actually collect or store any information about anyone, found on other public sources, nor do we plan to, I removed this paragraph completely.

nod_’s picture

Awesome, thanks!

christefano’s picture

While I applaud the Drupal Association for opening up this process for public comment, I have to say that discussing highly legalistic documents in a single discussion forum is not a particularly good way to go about this. I'm already exhausted from reading all the comments posted so far.

When we worked on our governance policy for the Greater Los Angeles Drupal user group, we had a simple procedure: when the authors of the policy thought they were done, we froze the document with the intention of officially enacting 2 weeks later.

If there was any feedback during the 2-week "freeze period" that led to unfreezing the document and making any changes, we extended the "freeze period" of the document for 2 weeks. Although that process was intentionally slow and overly-careful, we chose to do it that way because we wanted members of our user group to have a reasonable chance of being part of the governance process.

In contrast, here the Drupal Association has gives everyone a firm rollout date, which puts unnecessary pressure on the time and resources of members of this community to speak up… and read the documents, and all the comments… in less than 4 weeks… and this incorrectly assumes that general members of the community actually understand how to read these types of documents.

The time limit placed on this process feels to me like more of the same that happened with the mishandled TheDayWeFightBack.org campaign and it's wearing on the trust and confidence I have in the Drupal Association.

I understand that it's challenging to craft policies for a community as large and diverse as the Drupal community, but in order to give this intelligent community the proper respect it deserves I suggest implementing something similar to a document freeze period or rolling out these documents in a slower, iterative process.

tvn’s picture

Thanks for your comment, christefano. I really like the process you've described. We will definitely consider using it for some of the future governance work with the community.

jbrauer’s picture

You must treat your username and password as confidential, and you must not disclose it to any third party.

Yet my username is disclosed any time anyone looks at this post or any other. I cannot possibly both use the site and not disclose it.

You agree to immediately notify us of any unauthorized use of your username or password or any other breach of security.

Generally I'm not aware of an unauthorized use of my username and password. Unless I happened to be watching someone do it in a public place. If I were to become aware of an unauthorized use of my username or password (assuming that means username and password) I'd have far greater concerns like securing the source of the leak. Once that was in hand it could be reasonable to ask for a report in a particular period of time (though ultimately it's not clear how I report this). And "any other breach of security" is a very big broad category. Is it limited to breaches involving one of the d.o sites?

Some sections refer to unlawful activity. Unlawful in what jurisdiction?

The section on organization accounts does not permit the organization to post documentation related to their project. Nor does it appear to allow creation of release nodes on projects.

tvn’s picture

Thank you for your comments! I updated the first sentence you quoted to remove 'username and'.

I updated the second one as well to specify how to contact us. We are intentionally vague about "any other breach of security" for not to limit what people think they should report. Any breach of security (yes, mostly related to D.o) should be reported.

Some sections refer to unlawful activity. Unlawful in what jurisdiction?

Oregon, United States.

The section on organization accounts does not permit the organization to post documentation related to their project. Nor does it appear to allow creation of release nodes on projects.

That is intentional, activities you mention should be performed by individual employees of the company using their individual accounts. While we want to give credit to companies, we also want to give it to people who are actually doing the work.

jbrauer’s picture

In the situations I've been aware of in the past the same rules, laws or regulations that prevent an individual from posting the project would apply to the releases and documentation for those. This is, of course, avoidable though it will further encourage people to post pieces, and possibly even major functionality on sites with a TOS that is more permissive and suitable to the organizations. To me that is a net-loss for drupal.org especially because generally the people involved will post here under their own accounts if it is allowed by the conditions of their engagement.

dgtlmoon’s picture

I hope this means finally we can stop recruiters from spamming various Groups!

tvn’s picture

We have additional solution coming soon, which should stop them from spamming Groups. Make sure to check https://assoc.drupal.org/news.

nerdcore’s picture

5. We have the right to disable any username or password at any time in our sole discretion for any or no reason, including, if in our opinion, you have failed to comply with any provision of these Terms of Service.

Noncompliance with the ToS should probably be grounds for deletion. That's what the ToS is for.

But what is this "any or no reason" nonsense? I have no desire to use a site where I have no guarantee it will be available again to me tomorrow. This is dangerous and damaging to our community. It gives no confidence to users that the site will continue to be available to them or for them.

Arbitrary account deletion is the kind of Terms that I cannot agree with.

tvn’s picture

I clarified that paragraph to say that we are going to disable user accounts for either not complying with the ToS or Git Repository Usage Policy, or not following Code of Conduct. I think these 3 should cover all possible situations when we disable accounts.

nerdcore’s picture

The content you publish will not promote sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.

I take this to mean that I may post discriminatory material based on height, eye colour, disposition, weight, shoe size, dress, beardiness, or numerous other personal characteristics.

Common legal language for this type of clause is to include "or any other reason". IMHO this is the type of clause which does warrant such catch-all terminology.

My suggestion is to MOVE the "any or no reason" from account disabling down to discriminatory material. Don't discriminate based on anything. Don't be rude to other people...

tvn’s picture

That definitely does not mean you may discriminate for other reasons. However, the wording we use is pretty standard, after a discussion we decided not to add "any other reason", because that can possibly open doors for any kind of report. E.g. someone's patch is not being committed to a module. Author could potentially report "module owner discriminating them based on the level of Drupal knowledge".

nerdcore’s picture

Section F paragraph 8 indicates that the ToS and PP are the only documents constituting an agreement between myself and the DA:

8. The Terms of Service and our Privacy Policy constitute the sole and entire agreement between you and the Company with respect to the Website and supersede all prior and contemporaneous understandings, agreements, representations and warranties, both written and oral, with respect to the Website.

I take this to mean that the inclusion of the Drupal Git Repository Usage policy in B.4 and Drupal Code of Conduct in B.5 are hence superceded and enulled by F.8. In its current writing I will only be reading the ToS and PP and not the Code of Conduct or the Git Usage policy. Is this correct?

tvn’s picture

You will have to read and agree to Git Usage Policy when you will want to upload any code to Drupal.org's Git.
We do mention Code of Conduct, however we do not state that it is an official agreement between us and the user, because Code of Conduct is a community governance type document. It is not an official legal document of the Drupal Association.

nithinkolekar’s picture

Ok then provide existing long term genuine users some option like auto accept the ToS when it is published :)

tvn’s picture

Once the ToS is published you will definitely see a notification and will have to click one checkbox to accept it.

christefano’s picture

  • Is the privacy policy from the Drupal Association or Drupalcon, LLC? The privacy policy mentions both.
  • Can the terms of service be retroactively applied to existing content?
  • Section A7 in the terms of use mentions nodes. The word "node" needs to be defined.
  • Section B5 in the terms of service sure does rule out a lot of activity:
    • What about job announcements for dating sites or sites with adult content?
    • What about advertising professional services such as trainings?
    • What about innocent mistakes, like how a feed on Drupal Talk took down Drupal.org?
  • Finally, who wrote these documents and why aren't they here to answer our questions?

Having our community of (mostly) non-lawyers asking questions and pointing out problems in the documents seems like a strange use of our time.

tvn’s picture

The privacy policy is from the Drupal Association. I updated the doc.

All existing users will have to accept Terms of Services and Privacy policy once those are in place. As for the content, ToS does not introduce any big changes from our community norms, so there should not be a lot of content which is against the ToS. The one case I can think of are organization vs individual accounts owning content, we'll need to think how to deal with those.

Will add something to explain 'node' in the docs.

Finally, who wrote these documents and why aren't they here to answer our questions?

We gave some time for more feedback to be collected. Both drafts are now updated to incorporate some of the feedback.

greggles’s picture

Hi,

As someone who has asked for the creation of these documents in the past I just wanted to say thanks to the Content Working Group and Drupal Association and anyone else involved for putting time into writing and publishing them. It's a very hard thing to create TOS/PP. It's harder to do that for a site like ours that has a rich history of "common law" rules and community norms. It's harder still to do it for a site full of opinionated people who may have written or added a TOS/PP to one or more sites.

I'm confident that the CWG and DA is reading feedback left here. I'm confident that they will incorporate many elements of the feedback. I'm hopeful they will respond to many of the points, but will absolutely understand if they don't do that on a point-by-point basis as there are many pieces of constructive feedback (and maybe one or two that are not constructive).

--
CARD.com :)

tvn’s picture

Hi everyone and thanks for your detailed comments. I've been waiting to collect some more feedback, before going through all of it. Couple of days ago Holly Ross, Josh Mitchell and I set together and went through all of the comments in this document. We discussed which changes we can and cannot do. Today I updated both documents and addressed most of the comments here. While we can't remove the whole legalese part completely, we'll try to simplify wording a bit more in the next few days.

Thanks again for catching a lot in these docs and pointing it to us. We appreciate your feedback.

dstol’s picture

It would be wonderful if these documents were projects in repositories here so we could see diffs, tags, etc.

catch’s picture

I didn't read through the entire revised document, but the clause about language is still there. That'd mean my comment at https://www.drupal.org/node/375397#comment-5442730 falls foul of the TOS. If this goes into effect tomorrow should I stop using Drupal.org?

Jaypan’s picture

日本語で投稿すると、殆どのユーザーが話に入れないから遠慮したほうがいいんじゃない?

Let's just stick with English. There are localized sites for other languages.

catch’s picture

I agree with sticking with English by convention. What I don't agree with is revoking access to the site if someone posts in a language other than English.

tvn’s picture

I don't think that anyone will be blocked by posting a comment or part of it in another language. However what if someone starts posting comment after comment after comment in a language most users don't understand? What if they do it in the core issue?

Another specific example we were trying to address is when users post case study or organization node or project page in a different language, we (webmasters) ask them to translate it into English. If they don't do it, the node gets unpublished after some time. We wanted this to be clearly documented to give webmasters 'official' page they can point to and explain their request.

Can we change the wording somehow to make it clear that no one will be blocked in your example, but allow us to take an action in other cases? E.g.:

The language of the site is English. The content you publish will be written in English (except for local user groups at groups.drupal.org and programming languages, of course). If you publish a node in a different language, we will ask you to translate it, otherwise it might be unpublished. If you repeatedly post content in a language other than English, you might be blocked.

C_Logemann’s picture

I think this focus on english is OK for drupal.org especially if there is no risk of banning users when they use another language. But the TOS is for *.drupal.org and so also groups.drupal.org is influenced. There we can choose a different "Group language" which is used by lot's of local communities.For this groups there is maybe a need for asking users to not use a language different from group language even if english.

--
There is a module for that!
My company: paratio.com e.K.

tvn’s picture

That's why we explicitly say "The content you publish will be written in English (except for local user groups at groups.drupal.org..)".

C_Logemann’s picture

That's why we explicitly say "The content you publish will be written in English (except for local user groups at groups.drupal.org..)".

You are right. I didn't noticed that you already implemented this important exception.

I agree that it's good to have some rules where our webmasters can work with. I want to thank everyone who is working on the new TOS. But I believe there is still a lot of work for reviewing and discussion.

--
There is a module for that!
My company: paratio.com e.K.

Xano’s picture

This is an issue about the difference between drupal.org's legal terms and house rules. If you're in my house and you're being annoying, I can throw you out, but not sue you. That distinction must be clear in the ToS.

catch’s picture

However what if someone starts posting comment after comment after comment in a language most users don't understand? What if they do it in the core issue?

An on-topic comment in a language other than English isn't worse than an off-topic (and/or unintelligible) comment in English - and there are many, many more of that latter in the issue queue - both core and contrib. The response I see most often to those is unpublishing the comment.

The unpublishing of case studies with no translation (after a request for translation was ignored, and presumably also time passing) is fine with me - but that's a content moderation decision - does the TOS really need to cover specifics of case studies?

I agree that someone posting lots of comments not in English in the core queue might be a problem, but it doesn't feel like a real problem that needs to be covered specifically by the TOS.

gaele’s picture

From C.2:

[...] we have the right to fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity of anyone posting any materials on or through the Website. (emphasis mine)

Are you going to use that right on every law enforcement request? E.g. from the authorities in China? Egypt?

greggles’s picture

Of course not. This is the kind of non-constructive comment we've seen on this thread that really frustrates me. You have a very valid complaint, but you phrase it in a way that's critical and not constructive and seems a bit frustrated. If you start from a position of criticism and frustration it makes it harder for people to collaborate in finding a solution.

Consider an alternate approach, making a specific, reasonable request that addresses your concerns. For example:

I think it would be great for the DA to create a page like this:

http://www.google.com/transparencyreport/removals/government/

My guess is that it would currently list zero incidents and probably would remain blank for a long time into the future. But having a page like that which details what information you will share when a government request does come in AND a commitment to keep it up to date that will help give comfort to a lot of people (including me).

--
CARD.com :)

gaele’s picture

Hi greggles, yes a lot of the people in this threat are frustrated. First I wanted to say sorry for making you frustrated too, but then I thought maybe it's a good thing you feel like we feel for a moment :-)

What's really annoying me is the feeling I get from this that the DA is acting like a corporation, or worse yet a US corporation, copy pasting a corporate ToS, instead of an association working in the interest of the community. jbrauer and Xano already worded it better than I can.

To solve this it won't help tackling the issues raised here one by one. First the attitude needs to change. So I welcome the postponement of the ToS.

Regarding my issue above, I think your proposal would be a move in the right direction. What I would really like though is for the DA to take a stance ("What we won't do ....").

killes@www.drop.org’s picture

Q: What's 200 lawyers chained to the bottom of the sea?

A: A good start.

Brian Altenhofel’s picture

With README files and other in-repo non-code documentation, are those considered "user generated content" or "code" for licensing purposes considering that CC-BY-SA is incompatible with GPL?

gaele’s picture

gisle’s picture

gaele wrote:

All files in Git are GPL.

Only in the dreams of those that created this ToS. In reality, a lot of exceptions are tolerated and/or requested.

And because of fiction that "All files in Git are GPL", there is not even a requirement to properly document these exceptions, which means that today, there is considerable confusion about what license a given file is under.

For instance, there are almost no non-code assets (fonts, icons, images) available under GPL. This is because GPL is a very, very poor license for assets. So free (as in "freedom") assets are instead made available under non-GPL compatible licenses such as the SIL OFL or CC BY-SA. In 2014, people bundle assets with their projects. And if you look at the files that is in the Drupal.org git repo, you'll see that a lot of these non-GPL assets are present in the repo.

There is a separate discussion about this going on. Hopefully, it will redefine Drupal.org's policy on hosting 3rd party files and/or files that is not strictly GPL. There si no conclusion yet, but one possible outcome is Git repo policy and licensing FAQ may change into something more in tune with the current practice.

There is also another discussion to render the README.md for a project on the Drupal.org project page.

While this proposal makes a lot of sense from a practical and technical perspective, it does not fit well with the "All files in Git are GPL" dictum, since posting it on the project page will bring it under CC BY-SA 2.0, which is incompatible with GPL.

- gisle

chx’s picture

The Website, its features and functionality are owned by the Drupal Association.

You do realize, of course, that the website runs GPL software and as such the functionality is most definitely not owned by anyone except perhaps a mass of Drupal contributors?

The content you publish will not contain any material which is defamatory, obscene, indecent, abusive, offensive, harassing, violent, hateful, inflammatory or otherwise objectionable.

Offensive to whom? Objectionable by whom?

The language of the site is English. The content you publish will be written in English

You are kidding me, right? Are you seriously going to ban someone for posting a question in their native language and/or answering to that?

Use the Website in any way that violates any applicable law or regulation (including, without limitation, any laws regarding the export of data or software to and from the US or other countries);

Wait, did just ask me to know the software export regulations of every country in the world?

Use the Website in any manner that could disable, overburden, damage, or impair the Website

So when I put my name as <script>alert('chx');</script> to the DrupalCon Coppenhagen site that is a bannable offense?

All disputes relating to these Terms or any aspect of the Website will be resolved by binding arbitration

Did you just try avoiding anyone suing you? Isn't this sort of thing considered evil?

This Website is not intended for children under 13 years of age

That is unacceptable. We will not post such a thing to drupal.org . We had most excellent contributors below the age of 13. Edit: COPPA applies only to commercial entities, not non-profits or schools.

We may disclose information we collect from or about you when we believe disclosure is appropriate to protect the safety of the Association

That is not even funny.

If some or all of our business assets are sold or transferred as a result of any corporate change (merger, consolidation, reorganization, bankruptcy, etc.),

WTF.

Nothing in this Privacy Policy is intended to interfere with our ability to transfer all or part of this Website) to an unaffiliated third party at any time, for any purpose, without any limitation, and without notice or any compensation to you.

You are kidding me, right? You just said that you can do whatever the hell you want with the data.

--
Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.

Jaypan’s picture

You do realize, of course, that the website runs GPL software and as such the functionality is most definitely not owned by anyone except perhaps a mass of Drupal contributors?

I believe this is incorrect. People can still own sites, all Drupal sites are not owned by all contributors.

catch’s picture

While you can own the site, you can't claim ownership of all of the functionality on the site.

chx’s picture

We welcome community members of any age, however due to legal requirements, if you are under 13 year old, you will need to use the site with your parents.

WHAT legal requirement? I call BS because neither Mozilla https://www.mozilla.org/en-US/about/legal/ nor Wikipedia https://wikimediafoundation.org/wiki/Terms_of_Use restricts kids.

--
Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.

chx’s picture

Speaking of, can we just take Mozilla's ToS, replace the "3. Changes" with one that tells you we will warn and be done with this sad farce?

--
Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.

ar-jan’s picture

+1 to this. There are too many provisions that require the community to completely and unconditionally trust that the DA would never, ever, make any unreasonable decision.

Xano’s picture

The original news article makes it sound drupal.org needs Terms of Service because day-to-day administration needs to become more consistent. It also asks drupal.org users and not lawyers for feedback. The draft document, however, is full of legal conditions and does not sound like it tries to help in the aforementioned day-to-day administration of drupal.org. Instead, it sounds formal, sometimes somewhat scary, and overall like its purpose is to protect the DA from being sued.

While I understand that a legal entity wants and needs to protect itself, considering what the Drupal community is, I think we can and must do better. As mentioned before by at least @chx and me, scaring (young) people away is the last thing the DA should be doing.

The original article also says the ToS will come into effect tomorrow, on Thursday September 4th. So far only one revision has been made based on community feedback. Will the ToS really be forced upon us tomorrow, without taking into account all the more recent feedback that is partly based on the revision of August 21st?

greggles’s picture

+1 to postponing.

I really think that this deployment/enforcement should be postponed. It's going to take more time to make a ToS we can be proud to have on our lovely sites.

--
CARD.com :)

tvn’s picture

Hi all,

based on all the feedback we decided to postpone ToS implementation, so nothing will happen tomorrow, 4th of September. We'll come back with an updated draft shortly.

chx’s picture

No more drafts. Unless you pull a Road To Damascus (which admittedly the DCOC draft did) it will be way too little.

Instead, let me repeat: just use Mozilla's. (Possibly with an upgrade that we warn about changes)

--
Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.

Jaypan’s picture

Be realistic. It's doubtful that they are going to suddenly abandon all efforts up until now and suddenly go a different direction altogether. Efforts are better focused on providing constructive feedback on the current TOC draft, than trying to point in another direction altogether, or providing feedback in a manner that alienates the people who are working hard to try to put something together. Particularly when this is a task that likely none of them have previous experience in, and when there likely isn't anyone available who does.

chx’s picture

this is a task that likely none of them have previous experience in

Then just let's pick Mozilla's...

--
Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.

greggles’s picture

Mozillas is also rather long and has all caps in it, two major complaints about the DA version. I don't see why you feel it's a panacea.

I also don't see why you think drafts are not a way to solve problems. If this were a patch file in an issue would you be happier? We do dozens of drafts of patches. Why not for the TOS as well?

--
CARD.com :)

chx’s picture

I would reset the issue to active and ask for a rewrite from ground up. Whoever wrote this has zero connection / knowledge of Drupal, the software, the community and the website. I have little faith that the next draft would be a complete reboot (but then again, the DCOC draft was).

I see the Mozilla one as a panacea because the all caps is a minor problem and 1) it doesn't try to appropriate all content, data and functionality, violating existing licenses in place 2) it doesn't put any restriction on kids 3) doesn't try to avoid lawsuits consequences be damned. And, we don't need to spend a gazillion dollars on lawyers to verify its legalese.

--
Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.