JonKazama-Hellion/HellionChat
1
0
Fork 0
Code Issues 1 Pull Requests Actions Releases 28 Activity
Files
1687271bfdd74d133e4c96128997b528ba5ff606
HellionChat/THIRD_PARTY_NOTICES.md
T
JonKazama-Hellion 1b63765caa docs: community standards, privacy notice and release-body automation 
Closes the remaining gaps in GitHub's community-standards check, adds
explicit privacy and dependency documentation matching the plugin's
"DSGVO-by-design" claim, and removes the stale upstream Crowdin
artefact so the repo no longer suggests it ships its own translation
pipeline.

New community-health files:

- CODE_OF_CONDUCT.md: project-specific, short and direct, single
  reporting path to kontakt@hellion-media.de
- CONTRIBUTING.md: scope, accepted vs declined contributions, build
  and test instructions, EUPL-1.2 contribution terms, translation
  policy split between Hellion-specific (here) and upstream strings
  (Chat 2 repo)
- SUPPORT.md: routing for bugs, security, privacy and casual feedback
- .github/PULL_REQUEST_TEMPLATE.md: summary, change-type checklist,
  testing notes, compatibility notes for migrations and manifest
  fields, contribution checklist
- .github/FUNDING.yml: comments-only file, no platforms enabled,
  points donors at the upstream Chat 2 maintainers' Ko-fi pages

New privacy and compliance documentation:

- PRIVACY.md: what the plugin stores locally (config, SQLite,
  EmoteCacheV1), retention defaults, the two outbound network calls
  (BetterTTV API+CDN with ShowEmotes opt-out, Square Enix Lodestone
  font once-off), explicit no-telemetry statement, GDPR
  Art. 15/17/18/20/21 rights mapped to plugin features, third-party
  privacy-policy links
- THIRD_PARTY_NOTICES.md: direct NuGet dependencies with versions
  pinned to v0.5.4 (MessagePack, Microsoft.Data.Sqlite, morelinq,
  Pidgin, SixLabors.ImageSharp under Six Labors Split License 1.0),
  Dalamud SDK and .NET tooling, bundled Exo 2 font (OFL-1.1) and
  plugin icon, network-touch status per component, re-audit commands

Crowdin cleanup:

- crowdin.yml deleted (was upstream Chat 2's project_id 663694,
  pointed at /ChatTwo/Resources/Language.resx, never wired to
  HellionChat strings)
- README, CONTRIBUTING and CODE_OF_CONDUCT no longer suggest
  HellionChat operates a Crowdin project; remaining mentions are
  explicitly framed as upstream Chat 2's workflow

Contact and version consistency:

- Maintainer email switched from maintainer@hellion-media.de to
  kontakt@hellion-media.de in SECURITY.md and NOTICE.md
- README version references updated to 0.5.4 (header, project status
  block) and the update-tag pattern generalised from v0.1.x to v0.X.Y
- bug_report.yml version placeholder bumped to 0.5.4
- Project-documents table added to README footer linking all health
  and reference files in one place

Release-body automation:

- .github/workflows/release.yml now extracts the matching version
  block from ChatTwo/HellionChat.yaml's changelog and combines it
  with a static install / docs footer (custom-repo URL, project
  document links, licence) before passing the result to
  softprops/action-gh-release@v3 via body_path
- Workflow fails fast if no changelog block exists for the tagged
  version, automating the existing "yaml + repo.json + release body
  kept in sync" rule
- Tag value passed via env: TAG_NAME with strict ^v\d+\.\d+\.\d+$
  validation before any string concatenation, so the tag input cannot
  break out into shell evaluation
2026-05-03 10:42:07 +02:00

4.0 KiB
Raw Blame History

Third-party notices

HellionChat ships and depends on a number of third-party components. This document lists them, their licences and which of them touch the network. It is the inventory referenced by PRIVACY.md.

Last reviewed: 2026-05-03 (HellionChat v0.5.4).

Direct NuGet dependencies

Pinned in ChatTwo/ChatTwo.csproj. Versions reflect the v0.5.4 build.

Package Version Licence Network Purpose
MessagePack 3.1.4 MIT no Binary serialisation for the SQLite message store.
Microsoft.Data.Sqlite 10.0.7 MIT no Local SQLite access for the message database.
morelinq 4.4.0 Apache-2.0 no LINQ helper extensions.
Pidgin 3.3.0 MIT no Parser combinator library used for chat-input parsing.
SixLabors.ImageSharp 3.1.12 Six Labors Split License 1.0 (OSI-approved; free for open-source / non-commercial use, commercial licence required for closed-source commercial use) no Image decoding for cached emotes.

Six Labors note: HellionChat is an EUPL-1.2-licensed open-source project distributed at no cost. Use of ImageSharp 3.x under the Six Labors Split License 1.0 is permitted on that basis. Anyone forking HellionChat for closed-source or commercial redistribution should review the Six Labors licence terms and obtain a commercial licence if required.

SDK and tooling

Component Licence Notes
Dalamud.NET.Sdk 15.0.0 AGPL-3.0 (Dalamud) / SDK terms per goatcorp Plugin SDK; pulls in DalamudPackager 15.0.0.
.NET 10 SDK MIT Build toolchain.

Bundled assets

Asset Licence Source
Exo 2 (HellionFont.ttf) SIL Open Font License 1.1 Google Fonts / Natanael Gama. The OFL licence text travels embedded next to the font (HellionFont-OFL.txt) to satisfy the "licence must be distributed with the font" clause.
Hellion plugin icon (images/icon.png) © Hellion Media, included under the project licence (EUPL-1.2). Original artwork.

Upstream code

HellionChat is a fork of Chat 2 by Infiziert90 (Infi) and Anna Clemens, also licensed under EUPL-1.2. The bulk of the code, including the message store architecture, the channel logic, the hook system and the ImGui chat window, originates from upstream. See NOTICE.md and UPSTREAM_SYNC.md for the attribution and the cherry-pick policy.

Components that touch the network

Of everything listed above, none of the bundled or NuGet components opens network connections on their own. All outbound traffic is initiated explicitly by HellionChat's own source files and is documented in PRIVACY.md under "Outbound network calls":

  • ChatTwo/EmoteCache.cs → BetterTTV API + CDN (opt-out via setting)
  • ChatTwo/FontManager.cs → Square Enix Lodestone font CDN (one-time download)

Verifying this list

To regenerate the dependency inventory after a version bump:

dotnet list ChatTwo.sln package --include-transitive

The "direct NuGet dependencies" table above only lists direct references. Transitive dependencies pulled in by Dalamud SDK or by the listed packages are covered by the SDK / package licences and documented by their respective maintainers.

To re-audit the network-call inventory:

grep -rn -E "HttpClient|HttpRequest|new Uri\(|https?://" \
  --include="*.cs" ChatTwo/

Any new hit that is not a click-through (Util.OpenLink) or a payload-parsing call must be added to PRIVACY.md before release.

Reference in New Issue View Git Blame Copy Permalink