On 2024-04-15 9:33, bill-auger wrote:
On Thu, 21 Dec 2023 19:17:32 -0800wolft...@riseup.net wrote:
I don't like the phrase "operate on projects", I don't think that is the key
point. I think the key point is to access the projects at all.
Maybe something like this: "Access to any public parts of projects is not limited by
any form of authentication of visitors." ?
i think i and aaron basically agree - i would not even bother specifying
"public parts of projects" so verbosely - the only "parts" that is important is
the source code - unauthenticated git access alone, would satisfy this; and
every forge that i have ever seen allows that - any other "parts" are the ones
that should require authentication (write access - eg: posting tickets,
offering patches, etc) - even "reading" tickets and patches is not so essential
to software freedom
to swing to that the extreme, one could suggest that people should be able to
send patches and report bugs without authentication; but even savannah does not
allow that
IMHO, my version is concise and adequate
Allows viewing and downloading source code without authenticating. (A+0)
bearing in mind that this proposal is to elevate A+0, and bearing in mind that
every public forge satisfies A+0 and would not conceive to do otherwise,
because to do so is effectively to make the forge private, what other "public
parts of projects" does that exclude, which are important enough at the B level?
On Thu, 21 Dec 2023 19:17:32 -0800wolft...@riseup.net wrote:
Also, I still think "authentication" seems not specific enough. Is it
"authentication" when GitLab.com does some cloudflare check that blocks the entire site
from loading upon failure?
yes, that is part of their authentication procedure - that is a separate issue
- that is suggesting "what of the website does not allow some users to login",
which is C2 (Does not discriminate) - the point of A+0 is simply "must you
login?", regardless of how (password, API token, whatever - the form of the
auth is irrelevant
I'm not sure you understand my point. GitLab does the Cloudflare
"authentication" when someone visits a public listing of a project with
no logging in at all. It is a cloudflare-verification-wall to even
loading the normal public website. And if someone visits with a generic
browser with JS functioning and typical cookies etc. whatever, they
don't do any logging in, they don't see the verification wall, they just
see the regular public project and do not know that the verification was
even happening. And despite it happening, they are not logged in,
there's no account involved.
