<blockquote>
<p>I think everybody would appreciate if new dependencies on commercial service providers (aka Radiant in this case) were not tried to be smuggled in under the radar, but at least properly raised to attention.</p>
</blockquote>
<p><a class="user-mention" data-hovercard-type="user" data-hovercard-url="/hovercards?user_id=1011860" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/simonpoole">@simonpoole</a> we don't smuggle things in under the radar.  We literally put it in the "release highlights".</p>
<p>Anyway...  I don't think it should affect the security policy.  The only part that requests anything is these lines that will fetch a supplied <code>.json</code> file containing the rules definition:</p>
<p><a href="https://github.com/openstreetmap/iD/blob/24b6e9aeec81c5f09b650dc3067e746b9b6860d0/modules/core/context.js#L483-L492">https://github.com/openstreetmap/iD/blob/24b6e9aeec81c5f09b650dc3067e746b9b6860d0/modules/core/context.js#L483-L492</a></p>
<p>These are then turned into rules by this code:<br>
<a href="https://github.com/openstreetmap/iD/blob/master/modules/services/maprules.js">https://github.com/openstreetmap/iD/blob/master/modules/services/maprules.js</a></p>
<p>And if any rules are defined, they will appear at save time:<br>
<a href="https://github.com/openstreetmap/iD/blob/master/modules/validations/mapcss_checks.js">https://github.com/openstreetmap/iD/blob/master/modules/validations/mapcss_checks.js</a></p>
<p>So someone running a mapping campaign could define rules like "for this editing session all the buildings must have a height tag", or "all highways must have a surface tag".</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2122#issuecomment-456910920">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABWnLdhA9JsQ1nGSZHqPRhmptHr_PP9jks5vGKfZgaJpZM4aPP4g">mute the thread</a>.<img src="https://github.com/notifications/beacon/ABWnLUYuzwva0QgJSvheSPTaOEr9M-fFks5vGKfZgaJpZM4aPP4g.gif" height="1" width="1" alt="" /></p>
<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/openstreetmap/openstreetmap-website","title":"openstreetmap/openstreetmap-website","subtitle":"GitHub repository","main_image_url":"https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/openstreetmap/openstreetmap-website"}},"updates":{"snippets":[{"icon":"PERSON","message":"@bhousel in #2122: \u003e I think everybody would appreciate if new dependencies on commercial service providers (aka Radiant in this case) were not tried to be smuggled in under the radar, but at least properly raised to attention.\r\n\r\n@simonpoole we don't smuggle things in under the radar.  We literally put it in the \"release highlights\".  \r\n\r\nAnyway...  I don't think it should affect the security policy.  The only part that requests anything is these lines that will fetch a supplied `.json` file containing the rules definition:\r\n\r\nhttps://github.com/openstreetmap/iD/blob/24b6e9aeec81c5f09b650dc3067e746b9b6860d0/modules/core/context.js#L483-L492\r\n\r\nThese are then turned into rules by this code:\r\nhttps://github.com/openstreetmap/iD/blob/master/modules/services/maprules.js\r\n\r\nAnd if any rules are defined, they will appear at save time:\r\nhttps://github.com/openstreetmap/iD/blob/master/modules/validations/mapcss_checks.js\r\n\r\nSo someone running a mapping campaign could define rules like \"for this editing session all the buildings must have a height tag\", or \"all highways must have a surface tag\"."}],"action":{"name":"View Pull Request","url":"https://github.com/openstreetmap/openstreetmap-website/pull/2122#issuecomment-456910920"}}}</script>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/2122#issuecomment-456910920",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/2122#issuecomment-456910920",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>