<p>The CT signup process still works, in that if you still have a non-CT account and try to do things you have to accept the CTs first.</p>
<p>I'm against "re-using" existing code directly. It would be a nightmare if the code is covered in references to the contributor terms, but it had been repurposed to being acceptance of a ToU. For example, you can send messages and still be logged in and all sorts without agreeing to the CTs, but what we're proposing here covers much more of the site (e.g. read-only API requests).</p>
<p>I'd also like to avoid adding a zero hour block to every user - it would certainly pollute the list of user blocks somewhat!</p>
<p>I think what needs some clarity is:</p>
<ul>
<li>Do we need to store a confirmation that the privacy policy has been agreed to? Boolean or timestamp?</li>
<li>How should we handle future privacy policy changes - do we just blank the 'privacy_policy_agreed' column every time we change the policy? Or do we need to track versions and agreements for each version?</li>
<li>Do we need to handle the API ToU agreement separately, or is there just one agreement to cover both privacy policy and API ToU?</li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/1854#issuecomment-389086298">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABWnLVthmuJ1eh006KJVkU6KxfU43cjDks5typGBgaJpZM4T57BD">mute the thread</a>.<img src="https://github.com/notifications/beacon/ABWnLfixGvbwa5gBbwLYf1GlBSUmjUUWks5typGBgaJpZM4T57BD.gif" height="1" width="1" alt="" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/openstreetmap/openstreetmap-website/issues/1854#issuecomment-389086298"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/openstreetmap/openstreetmap-website","title":"openstreetmap/openstreetmap-website","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/openstreetmap/openstreetmap-website"}},"updates":{"snippets":[{"icon":"PERSON","message":"@gravitystorm in #1854: The CT signup process still works, in that if you still have a non-CT account and try to do things you have to accept the CTs first.\r\n\r\nI'm against \"re-using\" existing code directly. It would be a nightmare if the code is covered in references to the contributor terms, but it had been repurposed to being acceptance of a ToU. For example, you can send messages and still be logged in and all sorts without agreeing to the CTs, but what we're proposing here covers much more of the site (e.g. read-only API requests).\r\n\r\nI'd also like to avoid adding a zero hour block to every user - it would certainly pollute the list of user blocks somewhat!\r\n\r\nI think what needs some clarity is:\r\n\r\n* Do we need to store a confirmation that the privacy policy has been agreed to? Boolean or timestamp?\r\n* How should we handle future privacy policy changes - do we just blank the 'privacy_policy_agreed' column every time we change the policy? Or do we need to track versions and agreements for each version?\r\n* Do we need to handle the API ToU agreement separately, or is there just one agreement to cover both privacy policy and API ToU?"}],"action":{"name":"View Issue","url":"https://github.com/openstreetmap/openstreetmap-website/issues/1854#issuecomment-389086298"}}}</script>
<script type="application/ld+json">{"@type":"MessageCard","@context":"http://schema.org/extensions","hideOriginalBody":"false","originator":"37567f93-e2a7-4e2a-ad37-a9160fc62647","title":"Re: [openstreetmap/openstreetmap-website] GDPR related sign-up changes (#1854)","sections":[{"text":"","activityTitle":"**Andy Allan**","activityImage":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","activitySubtitle":"@gravitystorm","facts":[]}],"potentialAction":[{"name":"Add a comment","@type":"ActionCard","inputs":[{"isMultiLine":true,"@type":"TextInput","id":"IssueComment","isRequired":false}],"actions":[{"name":"Comment","@type":"HttpPOST","target":"https://api.github.com","body":"{\"commandName\":\"IssueComment\",\"repositoryFullName\":\"openstreetmap/openstreetmap-website\",\"issueId\":1854,\"IssueComment\":\"{{IssueComment.value}}\"}"}]},{"name":"Close issue","@type":"HttpPOST","target":"https://api.github.com","body":"{\"commandName\":\"IssueClose\",\"repositoryFullName\":\"openstreetmap/openstreetmap-website\",\"issueId\":1854}"},{"targets":[{"os":"default","uri":"https://github.com/openstreetmap/openstreetmap-website/issues/1854#issuecomment-389086298"}],"@type":"OpenUri","name":"View on GitHub"},{"name":"Unsubscribe","@type":"HttpPOST","target":"https://api.github.com","body":"{\"commandName\":\"MuteNotification\",\"threadId\":333951043}"}],"themeColor":"26292E"}</script>