Just my first impressions, I could imagine any FSF- or GNU-hosted spot
for an authoritative list could work.
I can see how the Directory could tie in maybe.
It seems sensible enough that some process of recognition by GNU
evaluators is acceptable, and combine that with a hash could possibly be
enough such that *all* Forgejo (for example) instances (known in advance
or not) would pass if they use the same js file with the same hash. And
thus LibreJS would indicate that the hash has changed as soon as that is
detected, and that would prompt a process of checking that the change
doesn't change the licensing etc.
I can't speak to the technical issues, but the human work on maintaining
the list would be feasible though not totally trivial. I could imagine a
project like Forgejo having a script that automatically alerts FSF of
changes to the JS, and I could imagine a Forgejo maintainer serving as
the trusted adjudicator.
In practice, would allowing Forgejo to attest to its own freedom in such
a list be any different than the status quo where the project attests to
the freedom by marking licensing?
On 2024-01-05 3:53, Yuchen Pei wrote:
On Fri 2024-01-05 08:24:53 -0800, Aaron Wolf wrote:
The one thought on LibreJS improvement I was imagining so far:
Some sort of crowdsourced list of recognized free JS, like the way
that adblocking lists are put together to block ads. I imagine a
whitelist that just knows that Codeberg's JS is free, so it is
whitelisted not by individual local users of LibreJS but by a
collected list everyone gets by default.
For such a list to be authoritative enough to be used for forge
evaluation, it needs to be maintained and vetted. What would be the best
way to do that? A natural idea would be to draw from the Free Software
Directory, which FSF staff maintains by evaluating and approving entries
on weekly meetings. Does this process already evaluate javascript
libraries and applications? Are there already js projects in the FSD? I
see a submission of forgejo[1], but that may not be sufficient because
presumably codeberg has its own url under its own domain for the js
files, so naively either there needs to be a correspondence between
forgejo (possibly minified) js files and codeberg js urls. Technically
there should be hashes to the files also in case they get updated.
[1]https://directory.fsf.org/wiki/Forgejo
On 2024-01-05 4:08, Yuchen Pei wrote:
On Thu 2024-01-04 13:49:00 -0800, Aaron Wolf wrote:
Note that there's also this issue at Gitea:
https://github.com/go-gitea/gitea/issues/13393
Anyway, I think it is not okay to downgrade Codeberg for not
functioning with LibreJS when it is 100% free software anyway.
Insisting on this particular tooling needs to not be such a strong
requirement.
I think LibreJS needs some improved options for operating and should
not be a blocker to Codeberg getting a higher grade.
In practice, if sites that are 100% free software are not being
recognized by LibreJS, and the way modern sites are put together makes
doing this non-trivial, then the problem is LibreJS's approach, not
the site.
Suggestions on how to improve librejs to make site administrators life
easier to comply are welcome :)
[... 33 lines elided]
Best,
Yuchen
--
Dr Yuchen Pei |https://ypei.org | Timezone: UTC+11
PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
https://ypei.org/assets/ypei-pubkey.txt
Best,
Yuchen
--
Dr Yuchen Pei |https://ypei.org | Timezone: UTC+11
PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
https://ypei.org/assets/ypei-pubkey.txt
