The aim of this protocol is to make Bits of Freedom's expectations with regard to software clear to developers.
Wherever possible, we use free software, and the software we create is free as well. Any software we develop must be published under a GPL-compatible licence. In this way, everyone acquires the right to modify the software and in turn share it with others. So, if you write a piece of software for us, you will need to publish it under a licence that enables us to share it under a GPL-compatible licence.
To minimise damage in the event of data leaks, the software must process as little of users' data as possible. In addition, it may never send data to a third party. If the software processes personal data, that data must always be handled in accordance with the General Data Protection Regulation. Likewise, we are transparent about this processing and keep an accurate record of what we collect. We also discard such data as soon as possible.
We prefer to collect as little data as possible, but if a project calls for the use of analytics, we employ an in-house installation of the open source analytics package Matomo (the only mature analytics software we know of that complies with our privacy standards).
Elements from third parties
In order to prevent tracking and increase security, the software may not load elements from websites of third parties, e.g., illustrations, scripts, social-media sharing buttons, or entire pages via iframes. Should you, for example, wish to use any fonts, these should be obtained from our own server, which hosts them, rather than being dynamically loaded from, e.g., Google Fonts. The same applies to such libraries as jQuery and Bootstrap. We do not embed videos from external sites, such as YouTube, but instead use our own server.
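One way to check a rendered page against this rule, shown as an added example that is not Bits of Freedom's own code. The function and class names, the page URL `https://www.example.org/` and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# Attributes that make the browser fetch a resource while rendering the page.
FETCH_ATTRS = {"script": ("src",), "img": ("src", "srcset"), "iframe": ("src",),
               "video": ("src", "poster"), "audio": ("src",), "source": ("src", "srcset"),
               "embed": ("src",), "object": ("data",)}
# <link> only contacts another host for these rel values (rel="canonical" does not).
FETCH_RELS = {"stylesheet", "icon", "preload", "prefetch", "modulepreload",
              "manifest", "preconnect", "dns-prefetch"}

class ThirdPartyFinder(HTMLParser):
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (tag, attribute, host)

    def _check(self, tag, attr, value):
        # Resolve relative and protocol-relative ("//host/x") URLs first.
        parts = urlsplit(urljoin(self.page_url, value.strip()))
        if parts.scheme in ("http", "https") and parts.hostname not in self.allowed:
            self.findings.append((tag, attr, parts.hostname))

    def handle_starttag(self, tag, attrs):
        attrs = {k: v for k, v in attrs if v}
        if tag == "link":
            rels = set(attrs.get("rel", "").lower().split())
            names = ("href",) if rels & FETCH_RELS else ()
        else:
            names = FETCH_ATTRS.get(tag, ())
        for attr in names:
            # srcset holds comma-separated "url descriptor" candidates.
            raw = attrs.get(attr, "")
            for cand in (raw.split(",") if attr == "srcset" else [raw]):
                if cand.strip():
                    self._check(tag, attr, cand.split()[0])

def find_third_party_loads(html, page_url, allowed_hosts):
    finder = ThirdPartyFinder(page_url, allowed_hosts)
    finder.feed(html)
    return finder.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<link rel="canonical" href="https://other.example/page">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato">
<script src="//code.jquery.com/jquery.min.js"></script>
<img src="logo.png" srcset="logo.png 1x, https://cdn.example/logo@2x.png 2x">
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>"""
```

The check inspects markup only; resources pulled in from CSS `url()` rules or requested by scripts at run time are not seen by it.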
Specific requirements for source code
It is our aim to build software that we can maintain and easily reuse and which lends itself to sharing with interested parties. This means:
We save the code from projects on our GitLab server if the projects are suited for this. In this way, we ensure that developers are able to obtain an overview of the different versions of the code and of any changes to it.
We prefer to write code in Python and Django, unless it is essential that it be written in PHP. Our website is based on WordPress. If it is necessary for code to be integrated with WordPress, it is convenient for it to be written in PHP.
We document code thoroughly. This makes it easy for other developers to build on our software.
We program and document in English. By using English-language functions and variables, and by documenting the code in English, we can ensure that organisations in other countries who wish to develop the software further can start working on our project without difficulty.
We allow for a front-end and back-end in different languages. To ensure that both the front-end and back-end are easy to translate, we write the code with internationalisation in mind. This means that the standard language for the content of projects is English, which is in turn translated into Dutch (if necessary).
Before placing software in production, we have someone not directly involved with the project carry out a security audit.