Checklist

As a technopolitical project, Decidim needs several things to work. This is a non comprehensive list that serves as a general recommendation of what things you need to have it working with the best practices:

Technological

  1. Choose a domain or subdomain for your application. Some typical names involve "Participation" or "Decision" conjugations.

  2. Choose which languages do you want for your application. In case that your language isn’t supported you should translate it on Crowdin.

  3. Customize the look and feel (colors, pictures, fonts, etc).

  4. Configure SSL:

    1. We recommend using at least Let’s Encrypt for minimum security.

    2. Configure redirection from HTTP to HTTPS on your web server.

    3. Configure your Certificate Authority Authorization (CAA) DNS records

    4. Install complete Certificate Chains if it’s needed for your provider

    5. Use current SSL/TLS Protocols (TLS 1.2 or 1.3)

    6. If you add new static files, be careful of not introducing mixed content

    7. Use the SSL Server Test and follow their recommendations

  5. Configure your SMTP server.

  6. Setup the geolocation service. We recommend using Here Maps, but you can use other kind of tiling server compatible with Open Street Maps.

  7. Setup backup on your server. The most important things to save are the public/uploads and the database.

  8. Decide and implement which kind of Authorization you’re going to use.

  9. Comply with our License (Affero GPL 3) and publish your code to GitHub or wherever you want.

  10. Review your decidim initializer on your application (config/initializers/decidim.rb).

  11. Configure your ActiveJob background queue.

  12. If you want, configure your social providers to enable login using external applications.

  13. Check that you don’t have any default users, emails and passwords, neither on the admin or on the system panel.

  14. Configure scheduled tasks.

  15. You should have a staging / preproduction environment where to test changes before deploying to production. If this environment has a copy of production database, you should disable the SMTP server and for privacy issues you should change the usernames / names / emails.

  16. You should have a exception tracking service or gem, like Errbit, Exception Notification, Airbrake or Sentry.

Contents

  1. Ideally you’ll have a Team formed with experts on IT, Communication, Participation, Design and Law.

  2. Texts for at least, terms of use, privacy policy and frequently asked questions. To show the "Terms and conditions" body text in the "Sign Up Form", it is a requirement that the slug of this page to be equal terms-and-conditions.

  3. Comply with your current legal requirements, like to registrate your privacy policy with the autorities (eg LOPD on Spain).

  4. Fill the Participatory Processes Configuration Form to prepare your Participatory Process for Decidim.

  5. Read the Administration manual.

  6. Participate on MetaDecidim.

  7. Read the Decidim Social Contract.