Great, thanks for the update! I've done what I could for today, here's
my updates:
C6: https seems fine to me, LE cert and everything checks out in my
browser, is there anything more to review?
B0 LibreJS: https://codeberg.org/assets/js/index.js gets blocked as not
marked in a way LibreJS understands, but there is a license mention
somewhere in the file which links to the MIT license file for
https://github.com/zloirock/core-js which seems to be the upstream JS
used. There are also some accepted trivial in-line scripts. This seems a
LibreJS issue perhaps, the JS is indeed freely licensed. There is
already an issue tracking this at
https://codeberg.org/forgejo/forgejo/issues/1654
It is clear to me that this is a technical detail and not a matter of
whether the JS is free or not.
B1: pass, I have never seen a tracking-tag or any third-party requests,
there's no advertising, no indication of any issue here
B2: I think fail for now unfortunately.
https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md#2-allowed-content-usage
*requires* free software licensing (with a very few reasonable
exceptions). However, the inherited software interface has some issues.
The new-repository settings prompt license choices, links to
https://choosealicense.com/ for license consideration, and that is
neutral on the topic of GLP-N-only. The selection pull-down has an
enormous list which includes the -only licenses as well as all CC
licenses (including non-free) and even outdated old versions. It also
has strange non-free discriminatory licenses like BSD-3-No-Military.
There is already an issue here:
https://codeberg.org/forgejo/forgejo/issues/1404 and I commented there
about the scope of what I think would resolve this. I already got a
response, and it indicates this should be easy enough to fix, so we
could see this pass soon. Alternatively, I'd also say this would pass if
the Terms were clearer on the N-only issue.
Note: this criterion B2 could be fleshed out to list more bad practices
such as adding non-free clauses to licenses and using outdated versions
of licenses (though I would not prefer to see sites fail this criterion
just because they decide to include GPL-2-or-later for compatibility
with existing GPL-2 projects).
A0: I lean toward voting for pass, despite not being perfect. The text
shows up "This website requires JavaScript." The site loads still, and
all content is visible and downloading files works without JS.
Interactions are not quite as smooth though. When I tested posting a
comment, I got a rate-limit notice. That notice does offer to do some
intervention by contacting them. Perhaps they could whitelist a user
account and/or IP in order to bypass rate-limiting. When I returned to
the page in question with JS enabled, my original post did actually go
through. So, it appears that much (if not all) of the functions are
doable without JS if not for the rate-limiting.
A1: I've not further checked, but I'm pretty sure this passes
A2: could be fixed with the items I mentioned above under B2
A4: PASS
"for practical use" is Richard's excuse for using ND (No-Derivatives)
licensing on his political opinion publications. He insists that works
of opinion are distinct from "practical use" and do not have the issues
of freedom that software has. I and many others disagree and believe
that cultural freedom fits all the same issues. We need not debate this
again here, Richard's views are encoded in the criteria in this case.
The fact is for Codeberg,
https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md#2-allowed-content-usage
makes it clear that all repos must use free licensing, no matter what
type of work it is, "practical" or otherwise.
A5: PASS, pretty sure, there's no service recommendations at all
A6: I vote for passing here actually. Look at
https://docs.codeberg.org/getting-started/what-is-codeberg/ and see that
they mostly use the term "free software" and *not* "open source". They
sometimes say "Free and Open Source Software" but most of the references
are like "On Codeberg you can develop your own Free Software projects".
Overall, Codeberg embraces the term "free software" and prioritizes it
over "open source". I don't think this criterion should be interpreted
as a prohibition on the term "open source". It's more that this isn't
one of those common places that uses "open source" as their default
term. Codeberg is clearly "free software" focused.
A7: I vote PASS. I see zero space between the FSF's definitions and
Codeberg's understanding. There are some people pushing against the
FSF/GNU understanding, and some opened this issue
https://codeberg.org/Codeberg/Community/issues/385 which I just now
commented on. But the organization has not supported these directions,
though they didn't block or close the discussion.
A9: Fail, though I personally worry that this criterion is out of
alignment with today's common practices even in dedicated free software
in terms of Git and version control management of licensing. However, I
might be wrong and this per-file licensing really is optimal. I would
push to reconsider this criterion and move it to A+ level at least.
A+1: Pass.
https://codeberg.org/Codeberg/org/src/branch/main/PrivacyPolicy.md makes
it clear they do not log anything about visitors and there is no reason
to doubt this. If we have reason to suspect otherwise, it would be like
revisiting any other issue. Other services like GitHub have much more
invasive privacy policies.
A+2: I believe they pass, we could ask someone on the Codeberg team to
verify. Their Privacy Policy and everything I've seen fits these
recommendations.
A+3: I think they meet most of these, but this is a huge task to check
everything, and I'd doubt they are perfect. How good does something need
to be on these to pass?
A+4: TODO side-note: the link in the criteria needs to be updated, the
new link is https://www.w3.org/WAI/ARIA/apg/practices/
A+5: I think it passes. It's *possible* but not simple. There is not a
straight-forward data exporting, there is only API-based transfer which
is usually done by triggering import command at another Forgejo
instance. However, there is also a dump-repo command to export data,
though that still does it via the API.
https://codeberg.org/forgejo/forgejo/issues/398 is about improving that
process. https://codeberg.org/forgejo/forgejo/issues/248 is also
relevant. https://codeberg.org/Codeberg/Community/issues/896 is about
Codeberg rate-limits delaying or blocking export.
https://codeberg.org/Codeberg/Community/issues/960 is another issue
indicating that exporting is indeed possible but needs improved process.
Here's an issue about export also including user profile:
https://codeberg.org/Codeberg/Community/issues/420 and again, this is
messy but possible and being worked on.
On 2023-12-29 5:19, Fischers Fritz wrote:
Dear associates,
I have begun the review and was pleased with the signup process.
However, I have not received the account yet. Aaron, since you
already have the account, would you like to handle some
of the remaining points? Below are my conclusions so far.
With great honor,
Fischers Fritz
C0: Pass
I registered with w3m.
C1: Pass
I registered with w3m.
C2: Pass
Codeberg bylaws section § 3.1 says.
> Mitglied kann jede natürliche oder juristische Person oder rechtsfähige
> Personengesellschaft werden.
https://codeberg.org/Codeberg/org/src/branch/main/Satzung.md
In English this is
> Every natural person, legal person or legal partnership can become a
member.
https://codeberg.org/Codeberg/org/src/branch/main/en/bylaws.md
C3: TODO
C4: Pass
https://codeberg.org/assets/js/licenses.txt
https://codeberg.org/Codeberg/org/src/branch/main/PrivacyPolicy.md
https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md
C5: Pass
Recommends and encourages GPL 3-or-later licensing at least as much as any
other kind of licensing. (C5)
> Repository content shall be licensed under an open-source license approved
by
> the Free Software Foundation (see list of the FSF) or the Open Source
Initiative
> (see list of the OSI).
> Reasonable exceptions are to a very limited extent considered acceptable.
For
> example, releasing single logo image files of a FLOSS project under no
licence
> or a separate non-free licence that requires derivative works to use their
own
> logo that is clearly distinguishable from the original work even in
absence of
> trademark registration.
C6: TODO
Support HTTPS properly and securely, including the site's certificates. (C6)
B0: TODO
Reviewhttps://codeberg.org/assets/js/licenses.txt
and test with LibreJS.
B1: TODO
B2: TODO
Does not encourage bad licensing practices (no license, unclear licensing,
GPL N only). (B2)
B3: Pass
(See C5.)
A0: TODO
Signup worked fine with w3m.
However, I have not received the account, so I have not tested
other functions.
A1: TODO
I think it passes, but I have not checked thoroughly.
A2: Fail
(See C5.)
A3: Pass
(See C5.)
A4: TODO
I believe Codeberg to fail A4, but I am not sure, because I do not understand
the phrase "for practical use". (See C5.) Does somebody know what this means?
A5: Todo
Does not recommend services that are SaaSS. (A5)
A6: FAIL
(See C5.)
A7: TODO
I say pass, but I would like another opinion.
A8: Pass
I didn't notice references to GNU/Linux, GNU, nor Linux.
A9: TODO
A+0: Pass
A+1: TODO
A+2: TODO
A+3: TODO
A+4: TODO
A+5: TODO
Codeberg claims to pass this criterion by being a Forgejo instance.
According to Codeberg, "[b]y choosing a Forgejo instance, you can
easily migrate away from Codeberg in case you don't like it." We can
test the claim by exporting a Codeberg account's data and importing it
to another Forgejo instance.