diff --git a/privacy.md b/privacy.md
index 6481edd..806380e 100644
@@ -1,13 +1,5 @@
-# - Clarify that we don't store any information about logged-out users, except
-# for their IP address.
-# - Improve wording of details about short-lived session cookies.
-# - Improve presentation of bcrypt process.
-# - Mention information stored from email headers.
-# - Clarify s/web browser/client/g
-# These changes are batched to reduce the noise upon notifying users.
If you have any questions, please reach out to Drew DeVault <email@example.com> via
@@ -17,13 +9,14 @@ email.
The only data we require of your account is your email address; a username of
your choosing, which must be unique among all users; and a password. Your email
-and username are stored in "plain text". Your password is stored after
-processing with bcrypt, from which the original password cannot be devised
-without a computationally expensive process. However, given your password, we
-can determine that it matches our stored key without expensive processing. The
-purpose of this step is to ensure that should our database become compromised,
-your original password will be difficult to recover. Regardless, you are
-strongly encouraged to use a unique password for your sr.ht account.
+and username are stored in "plain text". Your password is obsfucated with the
+bcrypt algorithm, from which the original password cannot be derived without a
+computationally expensive process. When you log in with your password later on,
+we are able to verify that it matches our bcrypt record, and discard it once you
+have been authorized. The purpose of this step is to ensure that should our
+database become compromised, your original password will be difficult to
+recover. Regardless, you are strongly encouraged to use a unique password for
+your sr.ht account.
You may choose to give us additional information, which is shown publicly on
the site. This includes:
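Review bot: "obsfucated" in the first added line is misspelled, and "obfuscated" is also the wrong term for bcrypt, which is a one-way password hash rather than a reversible obfuscation. The rest of the sentence ("cannot be derived without a computationally expensive process") already describes hashing, so suggest "Your password is hashed with the bcrypt algorithm". In the same paragraph, "discard it once you have been authorized" reads as if the submitted password is only discarded after a successful login; "authenticated" is the more precise word, and if the password is discarded whether or not the check succeeds, the text should say so.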
@@ -46,8 +39,8 @@ You may delete this information at any time by visiting your [account
details](https://meta.sr.ht). If you provide a PGP key, you may choose to have
email communications from sr.ht encrypted before being sent to you.
-We also obtain some information from your web browser as you use our services
-and store it for up to 30 days:
+We also obtain some information from your user agent (typically a web browser)
+as you use our services, and store it for up to 30 days:
- Your IP address
- When you accessed the site
@@ -60,12 +53,22 @@ unknown activity on your account. If we permitted deletion of this information,
someone who obtains unauthorized access to your account would be able to delete
+We also collect this information automatically for anonymous users (users who
+are not logged in), and store it for up to 30 days. This information is examined
+during routine security audits to identify malicious use of the services.
We also store various other kinds of information that you explicitly choose to
give us, including (but not limited to):
-- repositories on git.sr.ht
+- repositories on git.sr.ht or hg.sr.ht
+- your name and email address as recorded in Git and Mercurial repositories
- tickets on todo.sr.ht
- build logs and secrets on builds.sr.ht
+- email contents and headers posted to lists.sr.ht
+Some of this information is shared with other users as a normal part of
+providing access to the relevant services; for example, your name and email
+address are recorded by git and shared with users who clone your git repository.
To faciliate automated access to your account for third-party service or your
personal use, we also generate and store API keys which can be used to authorize
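Review bot: "this information" in the added paragraph about anonymous users has no clear antecedent, because the paragraph follows the text about deleting account activity rather than the list (IP address, access time, and so on) it refers to. Suggest "the information listed above" or naming the items again. Separately, the new list item says "Git and Mercurial repositories" while the added closing paragraph says "recorded by git" and "clone your git repository": the capitalisation differs, and Mercurial is missing from the example even though hg.sr.ht is added in this same hunk.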
@@ -80,9 +83,8 @@ recovered from this token.
you're logged into your account between visits without prompting you for your
-fact that we have to tell you on the next page you load that we completed some
-operation sucessfully for you.
+session, only to the extent necessary to provide functional service.
## How we share your information with third-parties
@@ -99,10 +101,10 @@ sites. On pages displaying this content, information may be sent to these
third-parties. This information includes:
- Your IP address
-- Information about your web browser, such as whether you use Firefox or Chrome
+- Information about your user agent, such as whether you use Firefox or Chrome
- The URL on sr.ht you visited when you saw this content
-We are not responsible for any additional information your web browser may send
+We are not responsible for any additional information your user agent may send
to these third parties.
If you use any of our paid services, we will transmit your payment information
diff --git a/terms.md b/terms.md
index 8d1afde..5ccaf71 100644
@@ -1,8 +1,5 @@
title: Terms of Service
-# - Explicitly prohibit the use of our services for cryptocurrency mining
-# - Use of the terms "free software" and "open source"
These are the terms of service for sr.ht; please read them before using sr.ht.
@@ -16,11 +13,12 @@ email.
your account. We can cut you off at any time.
- Use our services in good faith and don't get us in trouble.
- You grant us enough rights to your content to provide our services.
+- Public projects must use an approved license from the list.
- We can terminate service at any time.
- Some services may require payment.
- We'll email you before these terms change.
-This is for quick reference only, binding terms follow.
+This is for quick reference only - see the full terms in detail follow.
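Review bot: the replacement sentence "see the full terms in detail follow" is ungrammatical, and it drops the word "binding", which told the reader that the summary is not the operative text. Suggest "This is for quick reference only; the full, binding terms follow." The new summary bullet also refers to "the list" without saying which list; naming the "Permissible licenses for distribution" section would make it resolvable.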
@@ -74,6 +72,7 @@ You must not deliberately use the services for the purpose of:
- impersonating any person other than yourself or organizations you are
authorized to represent
- spamming, unsolicited advertising, or solicitation
+- use of excessive resources, such as for cryptocurrency mining
You may use automated tools to obtain public information from the services for
the purposes of archival or open-access research. You may not use this data for
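Review bot: the added bullet "use of excessive resources, such as for cryptocurrency mining" does not match the list it joins, whose visible items are gerunds completing "for the purpose of" ("impersonating ...", "spamming ..."). Suggest "consuming excessive resources, for example by mining cryptocurrency". "Excessive" is also undefined in the visible text, so a sentence on how that threshold is judged would let users tell ordinary heavy use from prohibited use.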
@@ -88,13 +87,46 @@ services. If you make your content public through privacy tools on our services,
you grant other users of the network the right to view and use your content
through the tools provided by our services.
-You may grant additional rights on your content, for example by providing a
-LICENSE or COPYING file in git repositories hosted on git.sr.ht.
You may request an archive of all of your content on the service by writing an
email to Drew DeVault <firstname.lastname@example.org> and allowing up to 2 weeks for an archive
to be prepared.
+## Permissible licenses for distribution
+Public projects utilizing the services are required to use an open source
+license, free software license, or Creative Commons license for the distribution
+of their works. A 90 day grace period is offered to new projects to decide on a
+license, after which they are expected to obey these terms. If you need help
+choosing a suitable license, [advice is available online][choosing a license].
+[choosing a license]: https://man.sr.ht/license.md
+The use of multiple licenses is permitted, so long as other users of the service
+may use, at their choice, at least one license which qualifies. You may also
+choose to distribute your software under separate license terms by private
+agreement; for example by licensing your work under the GPL and offering
+different license terms to private buyers; assuming you possess the copyright
+for the software being licensed under such terms. You may also choose a
+non-approved license for derivative works if such derivatives do not make use
+of the services.
+"Free software license" refers to licenses listed at ["Various Licenses and
+Comments about Them"][gnu license list] which are not listed as "Nonfree
+[gnu license list]: https://www.gnu.org/licenses/license-list.en.html
+"Open-source license" refers to licenses approved as such by the Open Source
+Initiative. See: [Open Source Licenses by Category][osi license list]
+[osi license list]: https://opensource.org/licenses/category
+"Creative Commons license" refers to licenses published by Creative Commons,
+such as CC-BY-SA, CC-BY-NC, CC-0, and so on.
+See: [About CC Licenses][cc license list]
+[cc license list]: https://creativecommons.org/about/cclicenses/
## Service availability
We may disable or terminate all or part of our services, permanently or
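Review bot: the definition of "Free software license" opens a quotation at "Nonfree that is not closed before the link reference on the following line, so the sentence is incomplete as written. Two gaps in the new section are also worth closing: the hunk removes the sentence about providing a LICENSE or COPYING file, so the terms now require a license without saying how a project declares one, and the 90 day grace period does not say what starts the clock (for example, when the project is first made public). Minor: Creative Commons writes the name as "CC0", not "CC-0".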