Re: LibreJS (was Re: CodeBerg addition)
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

> In practice, if sites that are 100% free software are not being
> recognized by LibreJS, and the way modern sites are put together makes
> doing this non-trivial,

What does that mean, concretely? That argument, as stated, is too vague
to prove anything. That doesn't mean you're necessarily wrong, but I
ask you to state the argument clearly enough that we can judge it.

> then the problem is LibreJS's approach, not the
> site.

That does not follow. There might be something that can be improved in
LibreJS's approach, but "It's hard so give up" is not a good reason.

In order to consider an improvement we need a specific idea for what
improvement.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: LibreJS (was Re: CodeBerg addition)
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

To verify that a web site's JS code is free is difficult if it doesn't
indicate licenses and source code. The lack of that also makes
changing the Javascript code difficult in practice.

Thus, passing LibreJS is important for users' freedom. It is the
necessary follow-through for making the JS code free.

What is the difficulty in making Codeberg's JS code clearly licensed?
Could we help do that?

It is much better to do work to make the code clearly licensed than to
do work to avoid saying whether it is clearly licensed.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: LibreJS (was Re: CodeBerg addition)
Just my first impressions, I could imagine any FSF- or GNU-hosted spot
for an authoritative list could work. I can see how the Directory could
tie in maybe.

It seems sensible enough that some process of recognition by GNU
evaluators is acceptable, and combine that with a hash could possibly be
enough such that *all* Forgejo (for example) instances (known in advance
or not) would pass if they use the same js file with the same hash. And
thus LibreJS would indicate that the hash has changed as soon as that is
detected, and that would prompt a process of checking that the change
doesn't change the licensing etc.

I can't speak to the technical issues, but the human work on maintaining
the list would be feasible though not totally trivial. I could imagine a
project like Forgejo having a script that automatically alerts FSF of
changes to the JS, and I could imagine a Forgejo maintainer serving as
the trusted adjudicator.

In practice, would allowing Forgejo to attest to its own freedom in such
a list be any different than the status quo where the project attests to
the freedom by marking licensing?

On 2024-01-05 3:53, Yuchen Pei wrote:
> On Fri 2024-01-05 08:24:53 -0800, Aaron Wolf wrote:
>> The one thought on LibreJS improvement I was imagining so far:
>> Some sort of crowdsourced list of recognized free JS, like the way
>> that adblocking lists are put together to block ads. I imagine a
>> whitelist that just knows that Codeberg's JS is free, so it is
>> whitelisted not by individual local users of LibreJS but by a
>> collected list everyone gets by default.
>
> For such a list to be authoritative enough to be used for forge
> evaluation, it needs to be maintained and vetted. What would be the
> best way to do that? A natural idea would be to draw from the Free
> Software Directory, which FSF staff maintains by evaluating and
> approving entries on weekly meetings. Does this process already
> evaluate javascript libraries and applications? Are there already js
> projects in the FSD?
>
> I see a submission of forgejo[1], but that may not be sufficient
> because presumably codeberg has its own url under its own domain for
> the js files, so naively either there needs to be a correspondence
> between forgejo (possibly minified) js files and codeberg js urls.
> Technically there should be hashes to the files also in case they get
> updated.
>
> [1] https://directory.fsf.org/wiki/Forgejo
>
>> On 2024-01-05 4:08, Yuchen Pei wrote:
>>> On Thu 2024-01-04 13:49:00 -0800, Aaron Wolf wrote:
>>>> Note that there's also this issue at Gitea:
>>>> https://github.com/go-gitea/gitea/issues/13393
>>>> Anyway, I think it is not okay to downgrade Codeberg for not
>>>> functioning with LibreJS when it is 100% free software anyway.
>>>> Insisting on this particular tooling needs to not be such a strong
>>>> requirement.
>>>> I think LibreJS needs some improved options for operating and should
>>>> not be a blocker to Codeberg getting a higher grade.
>>>> In practice, if sites that are 100% free software are not being
>>>> recognized by LibreJS, and the way modern sites are put together makes
>>>> doing this non-trivial, then the problem is LibreJS's approach, not
>>>> the site.
>>> Suggestions on how to improve librejs to make site administrators' life
>>> easier to comply are welcome :)
>>>> [... 33 lines elided]
>>> Best,
>>> Yuchen
>>> --
>>> Dr Yuchen Pei | https://ypei.org | Timezone: UTC+11
>>> PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
>>> https://ypei.org/assets/ypei-pubkey.txt
>
> Best,
> Yuchen
> --
> Dr Yuchen Pei | https://ypei.org | Timezone: UTC+11
> PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
> https://ypei.org/assets/ypei-pubkey.txt
Re: LibreJS (was Re: CodeBerg addition)
On Fri 2024-01-05 08:24:53 -0800, Aaron Wolf wrote:

> The one thought on LibreJS improvement I was imagining so far:
> Some sort of crowdsourced list of recognized free JS, like the way
> that adblocking lists are put together to block ads. I imagine a
> whitelist that just knows that Codeberg's JS is free, so it is
> whitelisted not by individual local users of LibreJS but by a
> collected list everyone gets by default.

For such a list to be authoritative enough to be used for forge
evaluation, it needs to be maintained and vetted. What would be the
best way to do that? A natural idea would be to draw from the Free
Software Directory, which FSF staff maintains by evaluating and
approving entries on weekly meetings. Does this process already
evaluate javascript libraries and applications? Are there already js
projects in the FSD?

I see a submission of forgejo[1], but that may not be sufficient
because presumably codeberg has its own url under its own domain for
the js files, so naively either there needs to be a correspondence
between forgejo (possibly minified) js files and codeberg js urls.
Technically there should be hashes to the files also in case they get
updated.

[1] https://directory.fsf.org/wiki/Forgejo

> On 2024-01-05 4:08, Yuchen Pei wrote:
>> On Thu 2024-01-04 13:49:00 -0800, Aaron Wolf wrote:
>>> Note that there's also this issue at Gitea:
>>> https://github.com/go-gitea/gitea/issues/13393
>>> Anyway, I think it is not okay to downgrade Codeberg for not
>>> functioning with LibreJS when it is 100% free software anyway.
>>> Insisting on this particular tooling needs to not be such a strong
>>> requirement.
>>> I think LibreJS needs some improved options for operating and should
>>> not be a blocker to Codeberg getting a higher grade.
>>> In practice, if sites that are 100% free software are not being
>>> recognized by LibreJS, and the way modern sites are put together makes
>>> doing this non-trivial, then the problem is LibreJS's approach, not
>>> the site.
>> Suggestions on how to improve librejs to make site administrators' life
>> easier to comply are welcome :)
>>> [... 33 lines elided]
>> Best,
>> Yuchen
>> --
>> Dr Yuchen Pei | https://ypei.org | Timezone: UTC+11
>> PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
>> https://ypei.org/assets/ypei-pubkey.txt

Best,
Yuchen

--
Dr Yuchen Pei | https://ypei.org | Timezone: UTC+11
PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
https://ypei.org/assets/ypei-pubkey.txt
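The hash-keyed list raised in this message and in Aaron Wolf's reply above (any instance serving the same file passes, and a changed hash prompts re-review), as an added example that is not part of the thread and is not LibreJS code. The list format, the project name example-forge, the hosts and the script bodies are constructed assumptions, as is matching a changed file by its file name.

```javascript
// Added example, not LibreJS code: a vetted list keyed by content hash.
const { createHash } = require("node:crypto");

const sha256 = (text) => createHash("sha256").update(text, "utf8").digest("hex");

// Constructed sample scripts standing in for one release of a forge's JS
// bundle and a later, modified build of the same file.
const BUNDLE_V1 = "function toggleMenu(){document.body.classList.toggle('open');}";
const BUNDLE_V2 = BUNDLE_V1 + "function newFeature(){return 2;}";

// Hypothetical vetted list: one entry per reviewed file. Project name,
// file name and license are constructed values.
const VETTED = [
  { project: "example-forge", file: "index.js", license: "GPL-3.0-or-later",
    sha256: sha256(BUNDLE_V1) },
];

// Classify one script by the bytes served, not by the host serving it.
function classify(url, body, list = VETTED) {
  const digest = sha256(body);
  const byHash = list.find((e) => e.sha256 === digest);
  if (byHash) return { url, status: "vetted", entry: byHash };

  // Same file name as a vetted entry but different content: the file has
  // changed since review, so it is held for re-evaluation.
  const name = new URL(url).pathname.split("/").pop();
  const byName = list.find((e) => e.file === name);
  if (byName) return { url, status: "changed", entry: byName, digest };

  return { url, status: "unknown", digest };
}

// A page passes only if every script it loads is on the vetted list.
function auditPage(scripts, list = VETTED) {
  const results = scripts.map((s) => classify(s.url, s.body, list));
  return { pass: results.every((r) => r.status === "vetted"), results };
}

// Two instances on different (constructed) hosts serving the same file.
const sameBuild = auditPage([
  { url: "https://forge-a.example/assets/js/index.js", body: BUNDLE_V1 },
  { url: "https://forge-b.example/static/index.js", body: BUNDLE_V1 },
]);
// One instance serving a modified build plus an unlisted script.
const drifted = auditPage([
  { url: "https://forge-a.example/assets/js/index.js", body: BUNDLE_V2 },
  { url: "https://forge-a.example/assets/js/extra.js", body: "void 0;" },
]);
console.log(sameBuild.pass, drifted.results.map((r) => r.status));
```

With this design the list itself becomes the trust anchor, so it would have to be distributed with integrity protection, for example signed by whoever vets the entries.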
Re: LibreJS (was Re: CodeBerg addition)
The one thought on LibreJS improvement I was imagining so far:

Some sort of crowdsourced list of recognized free JS, like the way that
adblocking lists are put together to block ads. I imagine a whitelist
that just knows that Codeberg's JS is free, so it is whitelisted not by
individual local users of LibreJS but by a collected list everyone gets
by default.

On 2024-01-05 4:08, Yuchen Pei wrote:
> On Thu 2024-01-04 13:49:00 -0800, Aaron Wolf wrote:
>> Note that there's also this issue at Gitea:
>> https://github.com/go-gitea/gitea/issues/13393
>> Anyway, I think it is not okay to downgrade Codeberg for not
>> functioning with LibreJS when it is 100% free software anyway.
>> Insisting on this particular tooling needs to not be such a strong
>> requirement.
>> I think LibreJS needs some improved options for operating and should
>> not be a blocker to Codeberg getting a higher grade.
>> In practice, if sites that are 100% free software are not being
>> recognized by LibreJS, and the way modern sites are put together makes
>> doing this non-trivial, then the problem is LibreJS's approach, not
>> the site.
> Suggestions on how to improve librejs to make site administrators' life
> easier to comply are welcome :)
>> [... 33 lines elided]
> Best,
> Yuchen
> --
> Dr Yuchen Pei | https://ypei.org | Timezone: UTC+11
> PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
> https://ypei.org/assets/ypei-pubkey.txt
Re: LibreJS (was Re: CodeBerg addition)
On Thu 2024-01-04 13:49:00 -0800, Aaron Wolf wrote:

> Note that there's also this issue at Gitea:
> https://github.com/go-gitea/gitea/issues/13393
> Anyway, I think it is not okay to downgrade Codeberg for not
> functioning with LibreJS when it is 100% free software anyway.
> Insisting on this particular tooling needs to not be such a strong
> requirement.
> I think LibreJS needs some improved options for operating and should
> not be a blocker to Codeberg getting a higher grade.
> In practice, if sites that are 100% free software are not being
> recognized by LibreJS, and the way modern sites are put together makes
> doing this non-trivial, then the problem is LibreJS's approach, not
> the site.

Suggestions on how to improve librejs to make site administrators' life
easier to comply are welcome :)

> [... 33 lines elided]

Best,
Yuchen

--
Dr Yuchen Pei | https://ypei.org | Timezone: UTC+11
PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
https://ypei.org/assets/ypei-pubkey.txt