Re: [PATCH: ]new repo-criteria v1.2
drat, there may be yet one other thing to consider - i just read the savannah documentation, to check if it satisfies the two new criteria at the 'B' level B2-1 is a check - the docs say: "any file more than ten lines long is nontrivial, so it should have copyright and license notices." but WRT the new B2-0, i dont see that mentioned in the docs - some wording may need to be added to account for it, or savannah will need to be demoted to 'C' > Explains each of the licensing options, distinguishing between GPL 2 only > and GPL 2-or-later, as well as between GPL 3 only and GPL 3-or-later. > Makes recommendations about whether and when to use each option.
Re: [PATCH]: add links to evaluation checklists
Index: www/software/repo-criteria-evaluation.html === RCS file: /web/www/www/software/repo-criteria-evaluation.html,v retrieving revision 1.26 diff -u -r1.26 repo-criteria-evaluation.html --- www/software/repo-criteria-evaluation.html 25 Apr 2022 15:38:42 - 1.26 +++ www/software/repo-criteria-evaluation.html 17 Apr 2024 03:15:33 - @@ -88,6 +88,9 @@ Savannah team. +Things that prevent savannah.gnu.org from moving up to the next grade, + A+: + There are normal Web access/download logs which sometimes include IP addresses. @@ -109,6 +112,11 @@ (A+5) +See the + https://libreplanet.org/wiki/ERC/Savannah";>complete criteria checklist + for savannah.gnu.org. + + sr.ht — B Things that prevent https://sr.ht/";>sr.ht from @@ -131,6 +139,10 @@ (A9) +See the + https://libreplanet.org/wiki/ERC/Sourcehut";>complete criteria checklist + for sr.ht. + notabug.org — C @@ -146,6 +158,10 @@ (B0) +See the + https://libreplanet.org/wiki/ERC/Notabug";>complete criteria checklist + for notabug.org. + gitlab.com — F @@ -160,6 +176,10 @@ (C0) +See the + https://libreplanet.org/wiki/ERC/Gitlab";>complete criteria checklist + for gitlab.com. + github.com — F @@ -175,6 +195,10 @@ +See the + https://libreplanet.org/wiki/ERC/Github";>complete criteria checklist + for github.com. + The worst thing that github.com does is to encourage bad licensing practice: failure to include a license, failure to state the license on each source file, and failure to specify “version 3 @@ -203,6 +227,11 @@ +See the + https://libreplanet.org/wiki/ERC/Sourceforge";>complete criteria checklist + for sourceforge.net. + +
Re: [PATCH]: add links to evaluation checklists
ok, i updated the check,lists to include the new criteria, and setup the checklists (retro-actively) for savannah, github, gitlab, sr.ht, and notabug; and moved the existing ones all under the same fake namespace ERC/ - i will send the revised patch next https://libreplanet.org/wiki/Special:WhatLinksHere/Template:ERC_Checklist
Re: [PATCH: ]new repo-criteria v1.2
one other thing to consider - probably, the two new criteria at the 'B' level will implicitly demote sr.ht to the 'C' level
Re: [PATCH: ]new repo-criteria v1.2
Index: www/software/repo-criteria.html === RCS file: /web/www/www/software/repo-criteria.html,v retrieving revision 1.15 diff -u -r1.15 repo-criteria.html --- www/software/repo-criteria.html 5 May 2022 22:31:08 - 1.15 +++ www/software/repo-criteria.html 17 Apr 2024 00:08:07 - @@ -24,11 +24,7 @@ href="https://lists.gnu.org/mailman/listinfo/repo-criteria-discuss";>repo-criteria-discuss mailing list. -You can also help us by providing feedback on -our proposed -updates to the repo criteria. - -Version 1.1 +GNU ERC Version 1.2 F — Unacceptable @@ -90,8 +86,8 @@ The site's terms of service contain no odious conditions. (C4) -Recommends and encourages GPL 3-or-later licensing at -least as much as any other kind of licensing. (C5) +No other license is recommended over GPL-3-or-later. +(C5) Support HTTPS properly and securely, including the site's certificates. (C6) @@ -114,7 +110,19 @@ Does not encourage bad licensing practices (no license, unclear licensing, GPL N only). -(B2) +(B2) + +Explains each of the licensing options, +distinguishing between GPL 2 only and GPL 2-or-later, as well as +between GPL 3 only and GPL 3-or-later. Makes recommendations about +whether and when to use each option. +(B2.0) +In particular, explains the importance of +including a license notice in all nontrivial source files, not +just in a few places. +(B2.1) + + Does not recommend nonfree licenses for works of practical use. (B3) @@ -132,7 +140,7 @@ Server code released as free software. (A1) - Encourages use of GPL 3-or-later as preferred option. + Recommends GPL 3-or-later over other licensing options. (A2) Offers use of AGPL 3-or-later as an option. @@ -166,7 +174,10 @@ Allows visitors to look and download without authenticating. (A+0) - Does not log anything about visitors. + Does not log anything about visitors. Note that + this criterion is based solely on the good faith of the forge's + administrator. There is no way to be certain that the forge refrains + from logging connections. (A+1) Follows the criteria in The Electronic Frontier @@ -176,7 +187,7 @@ Follows the https://www.w3.org/WAI/WCAG20/quickref/";>Web -“Content” Accessibility Guidelines 2.0 (WCAG 2.0) + “Content” Accessibility Guidelines 2.0 (WCAG 2.0) standard. (A+3) @@ -189,6 +200,14 @@ All data contributed by the project owner and contributors is exportable in a machine-readable format. (A+5) + + Encourages use of AGPL 3-or-later as a + preferred option. + (A+6) + + Helps or reminds users to put license notices + in their source files to go with whatever license they have chosen. + (A+7) Acknowledgements @@ -199,8 +218,10 @@ Aaron Wolf + Bill Auger Bruno Félix Rezende Ribeiro mailto:oitofe...@gnu.org";>+ Greg Farough Josh Triplett Mike Gerwitz mailto:m...@gnu.org";> Richard Stallman @@ -235,13 +256,13 @@ to mailto:web-translat...@gnu.org";> . -For information on coordinating and submitting translations of +For information on coordinating and contributing translations of our web pages, see Translations README. --> Please see the Translations -README for information on coordinating and submitting translations +README for information on coordinating and contributing translations of this article. @@ -272,7 +293,7 @@ Updated: -$Date: 2022/05/05 22:31:08 $ +$Date: 2024/04/20 15:15:23 $
Re: [PATCH: ]new repo-criteria v1.2
actually i just noticed something that doesnt look quite right - "B1-0: Explains each of the licensing options" is not really related to "B1: Does not report visitors to other organizations" i think the intention was for B1-0 to be actually B2-0; and for "B2-0: explains the importance of including a license notice" to be B2-1 - those three are all about good licensing documentation > Does not report visitors to other organizations; in > particular, no tracking tags in the pages. This means the > site must avoid most advertising networks. > -(B1) > +(B1) > + > +Explains each of the licensing options, > +distinguishing between GPL 2 only and GPL 2-or-later, as well as > +between GPL 3 only and GPL 3-or-later. Makes recommendations > about > +whether and when to use each option. > +(B1.0) > + > + > > Does not encourage bad licensing practices (no > license, unclear licensing, GPL N only). > -(B2) > +(B2) > + > + In particular, explains the importance of > + including a license notice in all nontrivial source files, not > + just in a few places. > + (B2.0) > + > +
Re: [PATCH: ]new repo-criteria v1.2
On Tue, 16 Apr 2024 18:59:57 -0400 bill-auger wrote: > + In particular, explains the importance of > + including a license notice in all nontrivial source files, not > + just in a few places. > + (B2.0) > + > > + Helps or reminds users to put license notices > + in their source files to go with whichever license they have chosen. > + (A+7) > i think i remember this now - IIRC, RMS was thinking that A-plus-7 would be some tool on the back-end which would detect poorly-licensed files and present an indication on the UI - where B2-0 is more about good licensing documentation is that obvious from the current wording?
Re: [PATCH: ]new repo-criteria v1.2
Index: www/software/repo-criteria.html === RCS file: /web/www/www/software/repo-criteria.html,v retrieving revision 1.15 diff -u -r1.15 repo-criteria.html --- www/software/repo-criteria.html 5 May 2022 22:31:08 - 1.15 +++ www/software/repo-criteria.html 16 Apr 2024 22:47:43 - @@ -24,11 +24,7 @@ href="https://lists.gnu.org/mailman/listinfo/repo-criteria-discuss";>repo-criteria-discuss mailing list. -You can also help us by providing feedback on -our proposed -updates to the repo criteria. - -Version 1.1 +GNU ERC Version 1.2 F — Unacceptable @@ -90,8 +86,8 @@ The site's terms of service contain no odious conditions. (C4) -Recommends and encourages GPL 3-or-later licensing at -least as much as any other kind of licensing. (C5) +No other license is recommended over GPL-3-or-later. +(C5) Support HTTPS properly and securely, including the site's certificates. (C6) @@ -110,11 +106,26 @@ Does not report visitors to other organizations; in particular, no tracking tags in the pages. This means the site must avoid most advertising networks. -(B1) +(B1) + +Explains each of the licensing options, +distinguishing between GPL 2 only and GPL 2-or-later, as well as +between GPL 3 only and GPL 3-or-later. Makes recommendations about +whether and when to use each option. +(B1.0) + + Does not encourage bad licensing practices (no license, unclear licensing, GPL N only). -(B2) +(B2) + + In particular, explains the importance of + including a license notice in all nontrivial source files, not + just in a few places. + (B2.0) + + Does not recommend nonfree licenses for works of practical use. (B3) @@ -132,7 +143,7 @@ Server code released as free software. (A1) - Encourages use of GPL 3-or-later as preferred option. + Recommends GPL 3-or-later over other licensing options. (A2) Offers use of AGPL 3-or-later as an option. @@ -166,7 +177,10 @@ Allows visitors to look and download without authenticating. (A+0) - Does not log anything about visitors. + Does not log anything about visitors. Note that + this criterion is based solely on the good faith of the forge's + administrator. There is no way to be certain that the forge refrains + from logging connections. (A+1) Follows the criteria in The Electronic Frontier @@ -176,7 +190,7 @@ Follows the https://www.w3.org/WAI/WCAG20/quickref/";>Web -“Content” Accessibility Guidelines 2.0 (WCAG 2.0) + “Content” Accessibility Guidelines 2.0 (WCAG 2.0) standard. (A+3) @@ -189,6 +203,14 @@ All data contributed by the project owner and contributors is exportable in a machine-readable format. (A+5) + + Encourages use of AGPL 3-or-later as a + preferred option. + (A+6) + + Helps or reminds users to put license notices + in their source files to go with whichever license they have chosen. + (A+7) Acknowledgements @@ -199,8 +221,10 @@ Aaron Wolf + Bill Auger Bruno Félix Rezende Ribeiro mailto:oitofe...@gnu.org";>+ Greg Farough Josh Triplett Mike Gerwitz mailto:m...@gnu.org";> Richard Stallman @@ -235,13 +259,13 @@ to mailto:web-translat...@gnu.org";> . -For information on coordinating and submitting translations of +For information on coordinating and contributing translations of our web pages, see Translations README. --> Please see the Translations -README for information on coordinating and submitting translations +README for information on coordinating and contributing translations of this article. @@ -272,7 +296,7 @@ Updated: -$Date: 2022/05/05 22:31:08 $ +$Date: 2024/04/20 15:15:23 $
Re: [PATCH]: add links to evaluation checklists
typo 'A': > +Things that prevent savannah.gnu.org from moving up to the next grade, > + A: > + should be 'A+': > +Things that prevent savannah.gnu.org from moving up to the next grade, > + A+: > +
[PATCH]: add links to evaluation checklists
i would also like to add these links for each forge to it's evaluation checklist - this will allow site visitors to see all of the passing and failing criteria, rather than mentioning only those at the next level up - checklists do not exist yet for the older ones; but i will make them Index: www/software/repo-criteria-evaluation.html === RCS file: /web/www/www/software/repo-criteria-evaluation.html,v retrieving revision 1.26 diff -u -r1.26 repo-criteria-evaluation.html --- www/software/repo-criteria-evaluation.html 25 Apr 2022 15:38:42 - 1.26 +++ www/software/repo-criteria-evaluation.html 16 Apr 2024 23:20:43 - @@ -88,6 +88,9 @@ Savannah team. +Things that prevent savannah.gnu.org from moving up to the next grade, + A: + There are normal Web access/download logs which sometimes include IP addresses. @@ -109,6 +112,11 @@ (A+5) +See the + https://libreplanet.org/wiki/Savannah";>complete criteria checklist + for savannah.gnu.org. + + sr.ht — B Things that prevent https://sr.ht/";>sr.ht from @@ -131,6 +139,10 @@ (A9) +See the + https://libreplanet.org/wiki/Sourcehut";>complete criteria checklist + for sr.ht. + notabug.org — C @@ -146,6 +158,10 @@ (B0) +See the + https://libreplanet.org/wiki/Notabug";>complete criteria checklist + for notabug.org. + gitlab.com — F @@ -160,6 +176,10 @@ (C0) +See the + https://libreplanet.org/wiki/Gitlab";>complete criteria checklist + for gitlab.com. + github.com — F @@ -175,6 +195,10 @@ +See the + https://libreplanet.org/wiki/Github";>complete criteria checklist + for github.com. + The worst thing that github.com does is to encourage bad licensing practice: failure to include a license, failure to state the license on each source file, and failure to specify “version 3 @@ -203,6 +227,11 @@ +See the + https://libreplanet.org/wiki/Sourceforge";>complete criteria checklist + for sourceforge.net. + +
[PATCH: ]new repo-criteria v1.2
i have made proposed-new-repo-criteria.html into a patch against the existing CVS file www/software/repo-criteria.html - the changes LGTM, and they have all been decided long ago; so this can be installed anytime now there is only one thing we may want to change - as i wrote yesterday, B2-0 and A-plus-7 appear to be the same general criteria - are these really suggesting something different? - these should probably be re-worded to clarify how "explains" differs from "Helps or reminds", or one of them be removed in favor of the other + In particular, explains the importance of + including a license notice in all nontrivial source files, not + just in a few places. + (B2.0) + + Helps or reminds users to put license notices + in their source files to go with whichever license they have chosen. + (A+7)
Re: A+ 0
On Tue, 16 Apr 2024 14:16:23 -0700 Aaron wrote: > Codeberg DOES pass that criteria I think. There are no third-party > requests, they actually care about this sort of thing. thats great - so a new criteria could highlight that some service operators are conscientious of that concern, withing constraining it to that one specific usage "browser validation" - bear in mind, that is really what this list is evaluating - much more than the properties of the software, it is evaluating how the service operators treat their users - surely a website could do it's own "browser validation" with libre code and without a third-party; in which case, it would be much less objectionable > A10: Does not impose connecctions to third-party services. WDYT?
Re: A+ 0
Codeberg DOES pass that criteria I think. There are no third-party requests, they actually care about this sort of thing. I know that some extreme sticklers found some reason to complain about Codeberg and cloudflare something related to https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html or whatever, I don't know. Some few people got mad about something. But when I go to Codeberg, the important thing is I see zero requests to any other domains. Whatever offloading they do (if any), it does not happen on the client side. On 2024-04-16 12:23, bill-auger wrote: On Tue, 16 Apr 2024 15:14:29 -0400 bill-auger wrote: savannah and notabug would meet that criteria, and gitlab would not ... also probably codeberg would not - most websites offload some work to third-parties - i dont think the cloudfare thing is much different than relying on third-parties to deliver scripts - regardless of what the third-party does (as long sa it is libre), "relying on third-parties" is the essential problem; and probably codeberg does that if you are looking for a new criteria which would penalize gitlab but not codeberg, i dont think there is any meaningful criteria which would distinguish them, other than the one which got gitlab demoted a few years ago
Re: A+ 0
On Tue, 16 Apr 2024 15:14:29 -0400 bill-auger wrote: > savannah and notabug would meet that criteria, and gitlab would not ... also probably codeberg would not - most websites offload some work to third-parties - i dont think the cloudfare thing is much different than relying on third-parties to deliver scripts - regardless of what the third-party does (as long sa it is libre), "relying on third-parties" is the essential problem; and probably codeberg does that if you are looking for a new criteria which would penalize gitlab but not codeberg, i dont think there is any meaningful criteria which would distinguish them, other than the one which got gitlab demoted a few years ago
Re: A+ 0
FWIW, i could propose another criteria, which would penalize gitlab for using a third-party gate-keeper; but one more general - when i was helping with notabug, we made it a point to ensure that visitors would not need to connect to any other server - that was accomplished for gogs by serving all scripts from the same server - so i would propose this (maybe at the A or A+ level?): > Does not impose connecctions to third-party services. savannah and notabug would meet that criteria, and gitlab would not
Re: A+ 0
On Tue, 16 Apr 2024 11:28:58 -0700 Aaron wrote: > GitLab has this > verification obstacle. This difference is not addressed by your > suggested wording. it could be interpreted that way though, depending on what "viewing" means - but that cloudflare thing is not "authentication" precisely - that conflicts more with the discrimination or no-JS criteria; but it is not obvious that it is a problem - it is not disciminating people; but their choice of client - a JS-heavy forge like codeberg may not work with all web browsers or curl - i dont know if that can be a criteria (eg: it must work with all web browsers) the bug reporting and patches criteria was not intended to address gitlab; but several forges (savannah, sourceforge, and sr.ht) would meet that criteria, and it is a rather nice-to-have one
Re: A+ 0
On 2024-04-15 10:23, bill-auger wrote: On Mon, 15 Apr 2024 22:09:20 -0700 Aaron wrote: indeed the access to git directly is unencumbered, it's only the loading of the website in a browser that is affected ok, so i propose working it out this way: move A+0 to level B or C (specifying that it is WRT the most basic public access to "source code") Allows viewing and downloading source code without authenticating. that seems fine to me replace A+0 with a new stronger one Allows bug reporting and offering patches without authenticating. That seems inadequate to me. It makes zero distinction between Codeberg and GitLab. But Codeberg allows far more "without authenticating" such as *seeing* issue tickets and so on. Codeberg allows *read* access to everything without any sort of verification-wall. GitLab has this verification obstacle. This difference is not addressed by your suggested wording.