[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Updated review of GitLab

From: Tristan Miller
Subject: Updated review of GitLab
Date: Tue, 29 Oct 2019 14:05:30 +0100

Dear all,

A few days ago I received the message below from GitLab.  To summarize,
their managed source hosting service at will be serving
proprietary JavaScript code that may be used to report "telemetry" to a
third-party service.

I imagine that GitLab will continue to work when this proprietary
JavaScript code is blocked (though I haven't tested this myself).  So
probably GitLab still meets Criterion C0.  However, the fact that
visitors will be tracked and reported to other organizations means that
GitLab now fails Criterion B1.  So Criterion B1 should now be
mentioned in GitLab's list of "Things that prevent GitLab from moving
up to the next grade, B".


Begin forwarded message:

Date: Wed, 23 Oct 2019 20:45:43 +0000
From: The GitLab Team <address@hidden>
To: <address@hidden>
Subject: Important Updates to our Terms of Service and Telemetry

Dear Tristan Miller,

We have launched important updates to our Terms of Service surrounding
our use of telemetry services. Starting with GitLab 12.4, existing
customers who use our proprietary products (that is, and the
Enterprise Edition of our self-managed offerings) may notice additional
Javascript snippets that will interact with GitLab and/or third-party
SaaS telemetry service (such as Pendo).

For users:  as we roll out this update you will be prompted
to accept our new Terms of Service. Until the new Terms are accepted
access to the web interface and API will be blocked. So, for users who
have integrations with our API this will cause a brief pause in service
via our API until the terms have been accepted by signing in to the web

For Self-managed users: GitLab Core will continue to be free software
with no changes. If you want to install your own instance of GitLab
without the proprietary software being introduced as a result of this
change, GitLab Community Edition (CE) remains a great option. It is
licensed under the MIT license
( and will contain no
proprietary software. Many open source software projects use GitLab CE
for their SCM and CI needs. Again, there will be no changes to GitLab

Key Updates:

- (GitLab’s SaaS offering)and GitLab's proprietary
  Self-Managed packages (Starter, Premium, and Ultimate) will now
  include additional Javascript snippets (both open source and
  proprietary) that will interact with both GitLab and possibly
  third-party SaaS telemetry services (we will be using

- We will disclose all such usage in our privacy policy, as well as
  what we are using the data for. We will also ensure that any
  third-party telemetry service we use will have data protection
  standards at least as strong as GitLab and we will aim for SOC2
  compliance. Pendo is SOC2 compliant.

If you have any questions please contact us at address@hidden

Thank you,

GitLab Team

You are receiving this email because you have an active repository on

                  Tristan Miller
Free Software developer, ferret herder, logologist

Attachment: pgpEzC8AoGClV.pgp
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]