On Thu, 21 Dec 2023 19:17:32 -0800 wolft...@riseup.net wrote: > I don't like the phrase "operate on projects", I don't think that is the key > point. I think the key point is to access the projects at all. > Maybe something like this: "Access to any public parts of projects is not > limited by any form of authentication of visitors." ?
i think i and aaron basically agree - i would not even bother specifying "public parts of projects" so verbosely - the only "parts" that is important is the source code - unauthenticated git access alone, would satisfy this; and every forge that i have ever seen allows that - any other "parts" are the ones that should require authentication (write access - eg: posting tickets, offering patches, etc) - even "reading" tickets and patches is not so essential to software freedom to swing to that the extreme, one could suggest that people should be able to send patches and report bugs without authentication; but even savannah does not allow that IMHO, my version is concise and adequate > Allows viewing and downloading source code without authenticating. (A+0) bearing in mind that this proposal is to elevate A+0, and bearing in mind that every public forge satisfies A+0 and would not conceive to do otherwise, because to do so is effectively to make the forge private, what other "public parts of projects" does that exclude, which are important enough at the B level? On Thu, 21 Dec 2023 19:17:32 -0800 wolft...@riseup.net wrote: > Also, I still think "authentication" seems not specific enough. Is it > "authentication" when GitLab.com does some cloudflare check that blocks the > entire site from loading upon failure? yes, that is part of their authentication procedure - that is a separate issue - that is suggesting "what of the website does not allow some users to login", which is C2 (Does not discriminate) - the point of A+0 is simply "must you login?", regardless of how (password, API token, whatever - the form of the auth is irrelevant