So, this has rather significant private-object implications. See for instance the discussions we had on-list about trust of third party js API's that get access to our objects, and also consider that publicy stating a private object exists is an issue itself.
I think that we can probably tolerate the external js without a contract / DPA analysis IF and only IF it is not loaded where personally identifying information and / or private data is accessible on the page. I'm not sure how deep that rabbit hole will go; I suggest consulting with curtis or deryck about this. -- https://code.launchpad.net/~mbp/launchpad/798412-plusone/+merge/83449 Your team Launchpad code reviewers is requested to review the proposed merge of lp:~mbp/launchpad/798412-plusone into lp:launchpad. _______________________________________________ Mailing list: https://launchpad.net/~launchpad-reviewers Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-reviewers More help : https://help.launchpad.net/ListHelp
