Re: Feedback on our evaluation criteria
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

I think your proposed changes are good. Does anyone disagree or have more to add?

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: Feedback on our evaluation criteria
I think it is enough if we would change a few words. I think this addresses the problems I relayed without creating the troubles that others have mentioned.

Indicate the web focus by changing the first sentence from

> We developed these criteria to judge services for hosting parts of the
> GNU operating system, but we recommend them to everyone that wants to
> use a service for publicly hosting free source code (and optionally
> executable programs too).

to

> We developed these criteria to judge web services for hosting parts of the
> GNU operating system, but we recommend them to everyone that wants to
> use a web service for publicly hosting free source code (and optionally
> executable programs too).

Indicate that grade C doesn't have any ethics we consider specific to GNU packages by changing the name of grade C from

> C - Acceptable hosting for a GNU package

to

> C - Acceptable

And instead, mention the relevance to GNU at the beginning of the criteria, like this.

> Code-hosting sites are graded from F to A+. GNU packages should only
> use code-hosting sites with a grade of C or better.

Judging from discussion in April, I gather the webpage source code is hosted in a CVS repository. If someone points me to it, I could format the above proposal as a patch.
Re: Feedback on our evaluation criteria
> > 1. In the above example of GitHub getting grade F for important
> > site functionality requiring nonfree JavaScript, for example,
> > we could perhaps link to an email list discussion where we refer
> > to a particular instance of important functionality breaking
> > when we don't run a particular nonfree JavaScript.
>
> I think this is not a wise idea.
>
> * It would be a lot more work, and we have more important things we
> should attend to.
>
> * Pointing at those discussions would focus attention on the
> disagreements in the discussions. That could be counter productive.
>
> I suggest asking your associate to give suggestions of what sorts
> of answers perse would want to see. That way we could look at
> this question more clearly.

I think he was hoping for a list of some non-free JavaScript files so that he (were he running the code-hosting website) could look through each and fix them. We cannot be expected to provide a complete list, but I imagine it is useful to list any that we discovered in the course of the evaluation.
Re: Feedback on our evaluation criteria
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

> for anything other than the web,
> people just would not think to throw hurdles in the way, such as non-free code,
> captchas, 2FA, or gatekeepers - those are all part of the web culture

This is a very interesting point. I will show it to someone who might write about it.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: Feedback on our evaluation criteria
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

> other than savannah, they all have that issue - none have adequate
> licensing documentation - the reason why github is singled-out on
> that one flaw is just historical - github was the first on the
> list beside savannah - that statement could be made generically;
> but myself, i would remove it -

It makes sense to treat all the sites with that problem alike. But there are various manners of treatment that we could apply to them all.

This point is important, and we should make that clear to the reader.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: Feedback on our evaluation criteria
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

> > 1. Clarify that the criteria apply only to source code hosting websites;
> >some projects may want to use non-website source code hosting.

> the criteria can apply to any hosting service operated by any software project
> or any third-party - whether or not those are websites is irrelevant - the
> criteria are not judging the service software - they are judging the site
> operators' treatment of their users - eg: which unethical practices do they (via
> software or otherwise) encourage hosted projects to follow, or impose upon
> people (anyone) who try to read or get source code from that host

Do we need to change https://www.gnu.org/software/repo-criteria.html to make that point clear?

> that wording is plainly because GNU can dictate what is
> "acceptable" only for itself - GNU has no authority over non-GNU
> projects; so it would be pretentious to define what others should
> or should not accept - independent projects must decide for
> themselves what is acceptable; because only they have the
> authority to accept or reject these principles in the context of
> each their own projects

That is true but I am not sure it is pertinent. To state criteria for judging repos does not imply that we try to dictate to everyone what they can do.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: Feedback on our evaluation criteria
On Thu, 16 May 2024 17:38:47 -0400 Richard wrote:
> > 1. Clarify that the criteria apply only to source code hosting websites;
> >some projects may want to use non-website source code hosting.
>
> Are there really projects that want to do this?
> Do any projects do this now?

it is not likely - "non-website" source code hosting, whatever the form, would most likely be simple to access and unfettered (git, rsync, etc) - web access is where the problems are most likely to be - for anything other than the web, people just would not think to throw hurdles in the way, such as non-free code, captchas, 2FA, or gatekeepers - those are all part of the web culture
Re: Feedback on our evaluation criteria
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

> 1. In the above example of GitHub getting grade F for important
> site functionality requiring nonfree JavaScript, for example,
> we could perhaps link to an email list discussion where we refer
> to a particular instance of important functionality breaking
> when we don't run a particular nonfree JavaScript.

I think this is not a wise idea.

* It would be a lot more work, and we have more important things we should attend to.

* Pointing at those discussions would focus attention on the disagreements in the discussions. That could be counter productive.

I suggest asking your associate to give suggestions of what sorts of answers perse would want to see. That way we could look at this question more clearly.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: Feedback on our evaluation criteria
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

> 2. The evaluations are inconsistent among different repositories.
> For example, we say that "[t]he worst thing that github.com does is
> to encourage bad licensing practice: failure to include a license,
> failure to state the license on each source file, and failure
> to specify 'version 3 or later' when using the GNU GPL. (B2)"
> But we don't say this about, e.g., GitLab, which has the same issue.

I see that confusion in the page. It feels contradictory to say this is the "worst thing" and put it at level B. One would expect the "worst flaw" to be at level C.

But I would say, rather, that what the page says now is correct, but unclear. "The worst thing github.com does" is an oversimplification and unclear.

There are different kinds of bad here:

* Direct and immediate injustice to the user. (These are why github.com gets a failing grade)

* Long-term spreading of bad practices, such as encouraging bad practices.

I think the current classification of these two is correct, but we should talk about the gravity of the B2 failure in a way that clearly makes this distinction.

And yes, we should say that about each site that fails B2. Perhaps we should say that in the definition of B2.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: Feedback on our evaluation criteria
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

> Finally, I remarked during our conversation that it is inconvenient
> to have only criteria for GNU projects, not also for non-GNU projects.

Really these criteria are for anyone who cares about the issue. We don't need to write separate "criteria are non-GNU projects". But we could explain more clearly what these are for. WDYT?

> 3. Assuming we consider it is acceptable for non-GNU packages that their
>code hosting repository does not permit access by Tor (C3) and has
>non-GNU licensing recommendations (C5), move criteria C0, C1, C2, C4,
>and C6 from grade "C" to grade "C-".

If people don't want to heed our advice, they can do whatever they like. If they disagree with some criteria, they don't need our explicit permission to disregard those.

However, for those that want to heed our advice, we should give them the same advice we give each other.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: Feedback on our evaluation criteria
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

> 1. Clarify that the criteria apply only to source code hosting websites;
>some projects may want to use non-website source code hosting.

Are there really projects that want to do this? Do any projects do this now? If so, what methods do they use and what are their reasons?

I don't think we should spend time on this question unless there are people who want advice about this.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: Feedback on our evaluation criteria
Dear Bill,

It seems we have already fixed point 1 and are aware of point 2, but it seems also that I was unclear about what I meant by "detail", so I explain. For cases where we already have the detail, the suggestion is to include it in another webpage.

> for example: "no non-free JS" -

I imagine my associate would have liked the evaluation to reference a particular non-free JavaScript file required to use the site.

> for example: "does not log user activity" -

I imagine my associate would have liked the evaluation to reference an account of how we determined that the site logs user activity.

About my suggestion for criteria relevant to non-GNU projects, I would indeed like to have a set of guidelines that we could describe as follows.

> "These guidelines are perfectly relevant to any software project and any code
> host. Anyone, either as a user or a project maintainer, may adopt them;
> and any service operator may apply them."

I find this not to describe the current criteria, since I find many of the present guidelines to be relevant specifically for GNU projects.

About non-websites: Individual criteria are useful for evaluation of non-websites, but free non-websites will score F; it would have been better if I had said the grades were misleading for non-websites. Non-websites will score F because they don't have HTTP. For the grading to be useful to non-websites, we would need to remove the criteria specific to HTML, JavaScript, HTTP, and maybe Tor. Or we could change those criteria so that these protocols are optional.

> GNU has no authority over non-GNU projects; so it would be pretentious
> to define what others should or should not accept - independent projects must
> decide for themselves what is acceptable; because only they have the authority
> to accept or reject these principles in the context of each their own projects

I find this point to be at odds with the proposal to say that "these guidelines are perfectly relevant to any software project and any code". Could it be that you have a less pretentious wording in mind that would work for this potential grade?

With distinguished salutations,
Fischers Fritz
Re: Feedback on our evaluation criteria
On Tue, 14 May 2024 21:33:33 + Fischers wrote:
> However, he would like to have link to the detailed evaluation
> of the relevant criterion. He explains, if I am the one running
> the repository, I want instructions of how I can improve the score.

there is no elaborate or comprehensive specification of the criteria - for most of the criteria, it would not be possible to give explicit generic instructions - the guidelines are (hopefully) detailed enough such that any webmaster should know what each entails - if not, one could ask on this mailing list for advice about specific cases

for example: "no non-free JS" - solution: get rid of the non-free JS - write your own JS to replace it if necessary - the criteria can not presume or predict which JS are used, which are important for site functionality, or which could be re-written or replaced

for example: "does not log user activity" - solution: turn off logging - simple enough, but _how_ to do that depends on the specific software and/or the server OS - there is really no way to give instructions that would not essentially be a primer course on "how to be a webmaster or sysadmin"

On Tue, 14 May 2024 21:33:33 + Fischers wrote:
> 2. The evaluations are inconsistent among different repositories.
> For example, we say that "[t]he worst thing that github.com does is
> ...
> But we don't say this about, e.g., GitLab, which has the same issue.

other than savannah, they all have that issue - none have adequate licensing documentation - the reason why github is singled-out on that one flaw is just historical - github was the first on the list beside savannah - that statement could be made generically; but myself, i would remove it - it is not doing any work; because there is a specific criteria for "encouraging good licensing practices", which is sufficient to make the point

On Tue, 14 May 2024 21:33:33 + Fischers wrote:
> we could perhaps link to an email list discussion where we refer
> to a particular instance of important functionality breaking

the next revision will have exactly that - the very previous email sent to this list has a patch to add that feature - in the past, that information was available only by searching the past discussions on this list - now a checklist is kept for each host, including links to the most relevant past evaluations; but there is no single "instance" - it is not possible to consolidate everything discussed about a specific host or criteria; because these discussions involve emails from many people and can span weeks, months, or years

for example: https://libreplanet.org/wiki/ERC/Notabug

On Tue, 14 May 2024 21:33:33 + Fischers wrote:
> I believe we could assist non-GNU projects in exercising their freedom
> if we would publish criteria and evaluations of ethical repository services.

that seems to me to be the definition of these criteria - everything is published - what is missing? - would you prefer if it specified:

"These guidelines are perfectly relevant to any software project and any code host. Anyone, either as a user or a project maintainer, may adopt them; and any service operator may apply them."

IMHO, that goes without saying

On Tue, 14 May 2024 21:33:33 + Fischers wrote:
> 1. Clarify that the criteria apply only to source code hosting websites;
>some projects may want to use non-website source code hosting.

the criteria can apply to any hosting service operated by any software project or any third-party - whether or not those are websites is irrelevant - the criteria are not judging the service software - they are judging the site operators' treatment of their users - eg: which unethical practices do they (via software or otherwise) encourage hosted projects to follow, or impose upon people (anyone) who try to read or get source code from that host

On Tue, 14 May 2024 21:33:33 + Fischers wrote:
> Finally, I remarked during our conversation that it is inconvenient
> to have only criteria for GNU projects, not also for non-GNU projects.
>
> 2. Create a new grade "C-" with the full title
>"C- -- Acceptable hosting for a non-GNU package".

that wording is plainly because GNU can dictate what is "acceptable" only for itself - GNU has no authority over non-GNU projects; so it would be pretentious to define what others should or should not accept - independent projects must decide for themselves what is acceptable; because only they have the authority to accept or reject these principles in the context of each their own projects