Checklist

As a technopolitical project, Decidim needs several things to work. This is a non-comprehensive list of general recommendations for what you need to have it working according to best practices:

Technological

  1. Choose a domain or subdomain for your application. Some typical names involve "Participation" or "Decision" conjugations.

  2. Choose which languages you want for your application. If your language is not supported, you should translate it on Crowdin.

  3. Configure the time zone for your organization. If you change it afterwards, you will need to review all the dates in your content.

  4. Customize the look and feel (colors, pictures, fonts, etc.).

  5. Configure SSL:

    1. We recommend using at least Let’s Encrypt for minimum security.

    2. Configure redirection from HTTP to HTTPS on your web server.

    3. Configure your Certificate Authority Authorization (CAA) DNS records.

    4. Install the complete certificate chain if your provider requires it.

    5. Use current SSL/TLS protocols (TLS 1.2 or 1.3).

    6. If you add new static files, be careful not to introduce mixed content.

    7. Use the SSL Server Test and follow its recommendations.

  6. Configure your SMTP server.

  7. Set up the geolocation service. We recommend using Here Maps, but you can use any other kind of tiling server compatible with OpenStreetMap.

  8. Set up backups on your server. The most important things to save are the public/uploads directory and the database.

  9. Decide which kind of Authorization you are going to use and implement it.

  10. Comply with our License (Affero GPL 3) and publish your code to GitHub or wherever you want.

  11. Review the Decidim initializer in your application (config/initializers/decidim.rb).

  12. Configure your ActiveJob background queue.

  13. Configure your ActiveStorage dynamic uploads.

  14. If you want, configure your social providers to enable login using external applications.

  15. Check that you do not have any default users, emails or passwords, either in the admin panel or in the system panel.

  16. Configure scheduled tasks.

  17. You should have a staging / preproduction environment where you can test changes before deploying to production. If this environment has a copy of the production database, you should disable the SMTP server and, for privacy reasons, change the usernames / names / emails.

  18. You should have an exception tracking service or gem, like Errbit, Exception Notification, Airbrake or Sentry.
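
A check for item 5.6 (mixed content in new static files), as an added example that is not part of Decidim or its documentation. It flags sub-resources that HTML or CSS would fetch over plain HTTP; the function names, host names and sample markup are constructed for illustration.

```ruby
# Added example, not Decidim code: find http:// sub-resources in static files.

# Elements that fetch a sub-resource, and the attribute holding its URL.
SUBRESOURCE_ATTR = {
  "script" => "src", "img" => "src", "iframe" => "src", "audio" => "src",
  "video" => "src", "source" => "src", "embed" => "src",
  "object" => "data", "link" => "href"
}.freeze
# <link> only fetches for these rel values (rel="canonical" is just metadata).
FETCHING_RELS = %w[stylesheet icon preload prefetch manifest modulepreload].freeze
TAG_RE = /<(#{SUBRESOURCE_ATTR.keys.join("|")})\b([^>]*)>/i

# Value of attribute +name+ in a raw attribute string (quoted or unquoted).
def attr_value(attrs, name)
  m = attrs.match(/(?:\A|\s)#{name}\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i)
  m && (m[1] || m[2] || m[3])
end

def insecure?(url)
  url.to_s.strip.downcase.start_with?("http://")
end

# Returns [{tag:, url:}] for every sub-resource loaded over plain HTTP.
def mixed_content_in_html(html)
  html.scan(TAG_RE).filter_map do |tag, attrs|
    tag = tag.downcase
    if tag == "link"
      rels = attr_value(attrs, "rel").to_s.downcase.split
      next if (rels & FETCHING_RELS).empty?
    end
    url = attr_value(attrs, SUBRESOURCE_ATTR[tag])
    { tag: tag, url: url } if insecure?(url)
  end
end

# Returns the http:// URLs referenced by url(...) or @import in a stylesheet.
def mixed_content_in_css(css)
  css.scan(/(?:url\(\s*|@import\s+)["']?(http:\/\/[^"')\s;]+)/i).flatten
end

# Constructed sample input (not taken from a real Decidim installation).
SAMPLE_HTML = <<~HTML
  <link rel="canonical" href="http://participa.example.org/">
  <link rel="stylesheet" href="http://cdn.example.org/custom.css">
  <img class="logo" data-src="http://x.example.org/a.png" src="/uploads/logo.png">
  <script src='HTTP://cdn.example.org/widget.js'></script>
  <a href="http://example.org/">plain links are navigation, not mixed content</a>
HTML
SAMPLE_CSS = "@import 'http://fonts.example.org/f.css'; .hero { background: url(http://img.example.org/bg.jpg) }"

puts mixed_content_in_html(SAMPLE_HTML).inspect, mixed_content_in_css(SAMPLE_CSS).inspect
```

The matching is regex-based, so attribute values that contain a literal `>` and URLs assembled by JavaScript at runtime are not covered.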

Contents

  1. Ideally you will have a Team formed of experts in IT, Communication, Participation, Design and Law.

  2. Texts for, at least, the terms of service, privacy policy and frequently asked questions. To show the "Terms of service" body text in the "Sign Up Form", the slug of this page must be equal to terms-of-service.

  3. Comply with your current legal requirements, such as registering your privacy policy with the authorities (e.g. LOPD in Spain).

  4. Fill in the Participatory Processes Configuration Form to prepare your Participatory Process for Decidim.

  5. Read the Administration manual.

  6. Participate in Metadecidim.

  7. Read the Decidim Social Contract.