Richard Stallman <r...@gnu.org> writes:
> [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > "Note: To be PCI compliant, you must load Stripe.js directly from > > https://js.stripe.com. You cannot include it in a bundle or host > > it yourself. This package wraps the global Stripe function > > provided by the Stripe.js script as an ES module." > > That is hard for me to understand, since I don't know what "PCI > compliant" means (or who is expected to comply with "PCI" or why). > Also, what is a "ES module" and what are the implications of that? > PCI = "Payment Card Industry Data Security Standard", which is a set of mandatory and requested measures merchants need to comply with in order to be permitted to process credit card transactions. There are different levels of compliance, which affect what the 'merchant' is allowed to do and/or the fees they must pay. ES = ECMAScript, the 'real' name for Javascript. > I wonder if users could run the free version of that JS code > while talking with Stripe. I think that is the point being made - it would seem you cannot. Richard, in all these discussions, the one question you have not addressed is why is it OK for the FSF to have a link to paypal on their donation page (https://my.fsf.org/donate), but you say individual projects cannot do the same? This seems inconsistent and potentially hypocritical.