Re: [PATCH: ]new repo-criteria v1.2

2024-04-16 Thread bill-auger 
drat, there may be yet one other thing to consider - i just read the savannah
documentation, to check if it satisfies the two new criteria at the 'B' level

B2-1 is a check - the docs say: "any file more than ten lines long is
nontrivial, so it should have copyright and license notices."

but WRT the new B2-0, i dont see that mentioned in the docs - some wording may
need to be added to account for it, or savannah will need to be demoted to 'C'

> Explains each of the licensing options, distinguishing between GPL 2 only
> and GPL 2-or-later, as well as between GPL 3 only and GPL 3-or-later.
> Makes recommendations about whether and when to use each option.

Re: [PATCH]: add links to evaluation checklists

2024-04-16 Thread bill-auger 
Index: www/software/repo-criteria-evaluation.html
===
RCS file: /web/www/www/software/repo-criteria-evaluation.html,v
retrieving revision 1.26
diff -u -r1.26 repo-criteria-evaluation.html
--- www/software/repo-criteria-evaluation.html  25 Apr 2022 15:38:42 -  
1.26
+++ www/software/repo-criteria-evaluation.html  17 Apr 2024 03:15:33 -
@@ -88,6 +88,9 @@
 Savannah team.
 
 
+Things that prevent savannah.gnu.org from moving up to the next grade,
+   A+:
+
 
   There are normal Web access/download logs
 which sometimes include IP addresses.
@@ -109,6 +112,11 @@
 (A+5)
 
 
+See the
+   https://libreplanet.org/wiki/ERC/Savannah";>complete criteria 
checklist
+   for savannah.gnu.org.
+
+
 sr.ht — B
 
 Things that prevent https://sr.ht/";>sr.ht from
@@ -131,6 +139,10 @@
 (A9)
 
 
+See the
+   https://libreplanet.org/wiki/ERC/Sourcehut";>complete criteria 
checklist
+   for sr.ht.
+
 
 notabug.org — C
 
@@ -146,6 +158,10 @@
 (B0)
 
 
+See the
+   https://libreplanet.org/wiki/ERC/Notabug";>complete criteria 
checklist
+   for notabug.org.
+
 
 gitlab.com — F
 
@@ -160,6 +176,10 @@
 (C0)
 
 
+See the
+   https://libreplanet.org/wiki/ERC/Gitlab";>complete criteria 
checklist
+   for gitlab.com.
+
 
 github.com — F
 
@@ -175,6 +195,10 @@
   
 
 
+See the
+   https://libreplanet.org/wiki/ERC/Github";>complete criteria 
checklist
+   for github.com.
+
 The worst thing that github.com does is to encourage bad licensing
 practice: failure to include a license, failure to state the
 license on each source file, and failure to specify “version 3
@@ -203,6 +227,11 @@
 
 
 
+See the
+   https://libreplanet.org/wiki/ERC/Sourceforge";>complete criteria 
checklist
+   for sourceforge.net.
+
+

Re: [PATCH]: add links to evaluation checklists

2024-04-16 Thread bill-auger 
ok, i updated the check,lists to include the new criteria, and setup the
checklists (retro-actively) for savannah, github, gitlab, sr.ht, and notabug;
and moved the existing ones all under the same fake namespace ERC/ - i will
send the revised patch next

https://libreplanet.org/wiki/Special:WhatLinksHere/Template:ERC_Checklist

Re: [PATCH: ]new repo-criteria v1.2

2024-04-16 Thread bill-auger 
one other thing to consider - probably, the two new criteria at the 'B'
level will implicitly demote sr.ht to the 'C' level

Re: [PATCH: ]new repo-criteria v1.2

2024-04-16 Thread bill-auger 
Index: www/software/repo-criteria.html
===
RCS file: /web/www/www/software/repo-criteria.html,v
retrieving revision 1.15
diff -u -r1.15 repo-criteria.html
--- www/software/repo-criteria.html 5 May 2022 22:31:08 -   1.15
+++ www/software/repo-criteria.html 17 Apr 2024 00:08:07 -
@@ -24,11 +24,7 @@
 
href="https://lists.gnu.org/mailman/listinfo/repo-criteria-discuss";>repo-criteria-discuss
   mailing list.
 
-You can also help us by providing feedback on
-our proposed
-updates to the repo criteria.
-
-Version 1.1
+GNU ERC Version 1.2
 
 F — Unacceptable
 
@@ -90,8 +86,8 @@
 The site's terms of service contain no odious
 conditions.  (C4)
 
-Recommends and encourages GPL 3-or-later licensing at
-least as much as any other kind of licensing.  
(C5)
+No other license is recommended over GPL-3-or-later.
+(C5)
 
 Support HTTPS properly and securely, including the site's
 certificates.  (C6)
@@ -114,7 +110,19 @@
 
 Does not encourage bad licensing practices (no
 license, unclear licensing, GPL N only).
-(B2)
+(B2)
+  
+Explains each of the licensing options,
+distinguishing between GPL 2 only and GPL 2-or-later, as well as
+between GPL 3 only and GPL 3-or-later. Makes recommendations about
+whether and when to use each option.
+(B2.0)
+In particular, explains the importance of
+including a license notice in all nontrivial source files, not
+just in a few places.
+(B2.1)
+  
+
 
 Does not recommend nonfree licenses for works of
 practical use.  (B3)
@@ -132,7 +140,7 @@
   Server code released as free software.
   (A1)
 
-  Encourages use of GPL 3-or-later as preferred option.
+  Recommends GPL 3-or-later over other licensing options.
   (A2)
 
   Offers use of AGPL 3-or-later as an option.
@@ -166,7 +174,10 @@
   Allows visitors to look and download without 
authenticating.
   (A+0)
 
-  Does not log anything about visitors.
+  Does not log anything about visitors. Note that
+  this criterion is based solely on the good faith of the forge's
+  administrator. There is no way to be certain that the forge refrains
+  from logging connections.
   (A+1)
 
   Follows the criteria in The Electronic Frontier
@@ -176,7 +187,7 @@
 
   Follows
   the https://www.w3.org/WAI/WCAG20/quickref/";>Web
-“Content” Accessibility Guidelines 2.0 (WCAG 2.0)
+  “Content” Accessibility Guidelines 2.0 (WCAG 2.0)
   standard.
   (A+3)
 
@@ -189,6 +200,14 @@
   All data contributed by the project owner and 
contributors
   is exportable in a machine-readable format.
   (A+5)
+
+  Encourages use of AGPL 3-or-later as a
+  preferred option.
+  (A+6)
+
+  Helps or reminds users to put license notices
+  in their source files to go with whatever license they have chosen.
+  (A+7)
 
 
 Acknowledgements
@@ -199,8 +218,10 @@
 
 
   Aaron Wolf
+  Bill Auger
   Bruno Félix Rezende Ribeiro
 mailto:oitofe...@gnu.org";>
+  Greg Farough
   Josh Triplett
   Mike Gerwitz mailto:m...@gnu.org";>
   Richard Stallman
@@ -235,13 +256,13 @@
 to mailto:web-translat...@gnu.org";>
 .
 
-For information on coordinating and submitting translations of
+For information on coordinating and contributing translations of
 our web pages, see Translations
 README. -->
 Please see the Translations
-README for information on coordinating and submitting translations
+README for information on coordinating and contributing translations
 of this article.
 
 
@@ -272,7 +293,7 @@
 
 Updated:
 
-$Date: 2022/05/05 22:31:08 $
+$Date: 2024/04/20 15:15:23 $

Re: [PATCH: ]new repo-criteria v1.2

2024-04-16 Thread bill-auger 
actually i just noticed something that doesnt look quite right - 
"B1-0: Explains each of the licensing options" is not really related to
"B1: Does not report visitors to other organizations"

i think the intention was for B1-0 to be actually B2-0; and for "B2-0: explains
the importance of including a license notice" to be B2-1 - those three are all
about good licensing documentation

>  Does not report visitors to other organizations; in
>  particular, no tracking tags in the pages. This means the
>  site must avoid most advertising networks.
> -(B1)
> +(B1)
> +  
> +Explains each of the licensing options,
> +distinguishing between GPL 2 only and GPL 2-or-later, as well as
> +between GPL 3 only and GPL 3-or-later. Makes recommendations 
> about
> +whether and when to use each option.
> +(B1.0)
> +  
> +
>  
>  Does not encourage bad licensing practices (no
>  license, unclear licensing, GPL N only).
> -(B2)
> +(B2)
> +  
> +  In particular, explains the importance of
> +  including a license notice in all nontrivial source files, not
> +  just in a few places.
> +  (B2.0)
> +  
> +

Re: [PATCH: ]new repo-criteria v1.2

2024-04-16 Thread bill-auger 
On Tue, 16 Apr 2024 18:59:57 -0400 bill-auger wrote:
> +  In particular, explains the importance of
> +  including a license notice in all nontrivial source files, not
> +  just in a few places.
> +  (B2.0)
> +  
> 
> +  Helps or reminds users to put license notices
> +  in their source files to go with whichever license they have chosen.
> +  (A+7)
> 

i think i remember this now - IIRC, RMS was thinking that A-plus-7 would be
some tool on the back-end which would detect poorly-licensed files and present
an indication on the UI - where B2-0 is more about good licensing documentation

is that obvious from the current wording?

Re: [PATCH: ]new repo-criteria v1.2

2024-04-16 Thread bill-auger 
Index: www/software/repo-criteria.html
===
RCS file: /web/www/www/software/repo-criteria.html,v
retrieving revision 1.15
diff -u -r1.15 repo-criteria.html
--- www/software/repo-criteria.html 5 May 2022 22:31:08 -   1.15
+++ www/software/repo-criteria.html 16 Apr 2024 22:47:43 -
@@ -24,11 +24,7 @@
 
href="https://lists.gnu.org/mailman/listinfo/repo-criteria-discuss";>repo-criteria-discuss
   mailing list.
 
-You can also help us by providing feedback on
-our proposed
-updates to the repo criteria.
-
-Version 1.1
+GNU ERC Version 1.2
 
 F — Unacceptable
 
@@ -90,8 +86,8 @@
 The site's terms of service contain no odious
 conditions.  (C4)
 
-Recommends and encourages GPL 3-or-later licensing at
-least as much as any other kind of licensing.  
(C5)
+No other license is recommended over GPL-3-or-later.
+(C5)
 
 Support HTTPS properly and securely, including the site's
 certificates.  (C6)
@@ -110,11 +106,26 @@
 Does not report visitors to other organizations; in
 particular, no tracking tags in the pages. This means the
 site must avoid most advertising networks.
-(B1)
+(B1)
+  
+Explains each of the licensing options,
+distinguishing between GPL 2 only and GPL 2-or-later, as well as
+between GPL 3 only and GPL 3-or-later. Makes recommendations about
+whether and when to use each option.
+(B1.0)
+  
+
 
 Does not encourage bad licensing practices (no
 license, unclear licensing, GPL N only).
-(B2)
+(B2)
+  
+  In particular, explains the importance of
+  including a license notice in all nontrivial source files, not
+  just in a few places.
+  (B2.0)
+  
+
 
 Does not recommend nonfree licenses for works of
 practical use.  (B3)
@@ -132,7 +143,7 @@
   Server code released as free software.
   (A1)
 
-  Encourages use of GPL 3-or-later as preferred option.
+  Recommends GPL 3-or-later over other licensing options.
   (A2)
 
   Offers use of AGPL 3-or-later as an option.
@@ -166,7 +177,10 @@
   Allows visitors to look and download without 
authenticating.
   (A+0)
 
-  Does not log anything about visitors.
+  Does not log anything about visitors. Note that
+  this criterion is based solely on the good faith of the forge's
+  administrator. There is no way to be certain that the forge refrains
+  from logging connections.
   (A+1)
 
   Follows the criteria in The Electronic Frontier
@@ -176,7 +190,7 @@
 
   Follows
   the https://www.w3.org/WAI/WCAG20/quickref/";>Web
-“Content” Accessibility Guidelines 2.0 (WCAG 2.0)
+  “Content” Accessibility Guidelines 2.0 (WCAG 2.0)
   standard.
   (A+3)
 
@@ -189,6 +203,14 @@
   All data contributed by the project owner and 
contributors
   is exportable in a machine-readable format.
   (A+5)
+
+  Encourages use of AGPL 3-or-later as a
+  preferred option.
+  (A+6)
+
+  Helps or reminds users to put license notices
+  in their source files to go with whichever license they have chosen.
+  (A+7)
 
 
 Acknowledgements
@@ -199,8 +221,10 @@
 
 
   Aaron Wolf
+  Bill Auger
   Bruno Félix Rezende Ribeiro
 mailto:oitofe...@gnu.org";>
+  Greg Farough
   Josh Triplett
   Mike Gerwitz mailto:m...@gnu.org";>
   Richard Stallman
@@ -235,13 +259,13 @@
 to mailto:web-translat...@gnu.org";>
 .
 
-For information on coordinating and submitting translations of
+For information on coordinating and contributing translations of
 our web pages, see Translations
 README. -->
 Please see the Translations
-README for information on coordinating and submitting translations
+README for information on coordinating and contributing translations
 of this article.
 
 
@@ -272,7 +296,7 @@
 
 Updated:
 
-$Date: 2022/05/05 22:31:08 $
+$Date: 2024/04/20 15:15:23 $

Re: [PATCH]: add links to evaluation checklists

2024-04-16 Thread bill-auger 
typo 'A':
> +Things that prevent savannah.gnu.org from moving up to the next grade,
> +   A:
> +

should be 'A+':
> +Things that prevent savannah.gnu.org from moving up to the next grade,
> +   A+:
> +

[PATCH]: add links to evaluation checklists

2024-04-16 Thread bill-auger 
i would also like to add these links for each forge to it's evaluation
checklist - this will allow site visitors to see all of the passing and failing
criteria, rather than mentioning only those at the next level up - checklists
do not exist yet for the older ones; but i will make them


Index: www/software/repo-criteria-evaluation.html
===
RCS file: /web/www/www/software/repo-criteria-evaluation.html,v
retrieving revision 1.26
diff -u -r1.26 repo-criteria-evaluation.html
--- www/software/repo-criteria-evaluation.html  25 Apr 2022 15:38:42 -  
1.26
+++ www/software/repo-criteria-evaluation.html  16 Apr 2024 23:20:43 -
@@ -88,6 +88,9 @@
 Savannah team.
 
 
+Things that prevent savannah.gnu.org from moving up to the next grade,
+   A:
+
 
   There are normal Web access/download logs
 which sometimes include IP addresses.
@@ -109,6 +112,11 @@
 (A+5)
 
 
+See the
+   https://libreplanet.org/wiki/Savannah";>complete criteria 
checklist
+   for savannah.gnu.org.
+
+
 sr.ht — B
 
 Things that prevent https://sr.ht/";>sr.ht from
@@ -131,6 +139,10 @@
 (A9)
 
 
+See the
+   https://libreplanet.org/wiki/Sourcehut";>complete criteria 
checklist
+   for sr.ht.
+
 
 notabug.org — C
 
@@ -146,6 +158,10 @@
 (B0)
 
 
+See the
+   https://libreplanet.org/wiki/Notabug";>complete criteria 
checklist
+   for notabug.org.
+
 
 gitlab.com — F
 
@@ -160,6 +176,10 @@
 (C0)
 
 
+See the
+   https://libreplanet.org/wiki/Gitlab";>complete criteria 
checklist
+   for gitlab.com.
+
 
 github.com — F
 
@@ -175,6 +195,10 @@
   
 
 
+See the
+   https://libreplanet.org/wiki/Github";>complete criteria 
checklist
+   for github.com.
+
 The worst thing that github.com does is to encourage bad licensing
 practice: failure to include a license, failure to state the
 license on each source file, and failure to specify “version 3
@@ -203,6 +227,11 @@
 
 
 
+See the
+   https://libreplanet.org/wiki/Sourceforge";>complete criteria 
checklist
+   for sourceforge.net.
+
+

[PATCH: ]new repo-criteria v1.2

2024-04-16 Thread bill-auger 
i have made proposed-new-repo-criteria.html into a patch against the existing
CVS file www/software/repo-criteria.html - the changes LGTM, and they have all
been decided long ago; so this can be installed anytime now

there is only one thing we may want to change - as i wrote yesterday, B2-0 and
A-plus-7 appear to be the same general criteria - are these really suggesting
something different? - these should probably be re-worded to clarify how
"explains" differs from "Helps or reminds", or one of them be removed in favor
of the other

+  In particular, explains the importance of
+  including a license notice in all nontrivial source files, not
+  just in a few places.
+  (B2.0)
+  

+  Helps or reminds users to put license notices
+  in their source files to go with whichever license they have chosen.
+  (A+7)

Re: A+ 0

2024-04-16 Thread bill-auger 
On Tue, 16 Apr 2024 14:16:23 -0700 Aaron wrote:
> Codeberg DOES pass that criteria I think. There are no third-party 
> requests, they actually care about this sort of thing.

thats great - so a new criteria could highlight that some service operators are
conscientious of that concern, withing constraining it to that one specific
usage "browser validation" - bear in mind, that is really what this list is
evaluating - much more than the properties of the software, it is evaluating
how the service operators treat their users - surely a website could do it's
own "browser validation" with libre code and without a third-party; in which
case, it would be much less objectionable

> A10: Does not impose connecctions to third-party services.  

WDYT?

Re: A+ 0

2024-04-16 Thread Aaron Wolf 
Codeberg DOES pass that criteria I think. There are no third-party 
requests, they actually care about this sort of thing. I know that some 
extreme sticklers found some reason to complain about Codeberg and 
cloudflare something related to 
https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html or 
whatever, I don't know. Some few people got mad about something. But 
when I go to Codeberg, the important thing is I see zero requests to any 
other domains. Whatever offloading they do (if any), it does not happen 
on the client side.


On 2024-04-16 12:23, bill-auger wrote:

On Tue, 16 Apr 2024 15:14:29 -0400 bill-auger wrote:

savannah and notabug would meet that criteria, and gitlab would not

... also probably codeberg would not - most websites offload some work to
third-parties - i dont think the cloudfare thing is much different than relying
on third-parties to deliver scripts - regardless of what the third-party does
(as long sa it is libre), "relying on third-parties" is the essential problem;
and probably codeberg does that

if you are looking for a new criteria which would penalize gitlab but not
codeberg, i dont think there is any meaningful criteria which would distinguish
them, other than the one which got gitlab demoted a few years ago

Re: A+ 0

2024-04-16 Thread bill-auger 
On Tue, 16 Apr 2024 15:14:29 -0400 bill-auger wrote:
> savannah and notabug would meet that criteria, and gitlab would not

... also probably codeberg would not - most websites offload some work to
third-parties - i dont think the cloudfare thing is much different than relying
on third-parties to deliver scripts - regardless of what the third-party does
(as long sa it is libre), "relying on third-parties" is the essential problem;
and probably codeberg does that

if you are looking for a new criteria which would penalize gitlab but not
codeberg, i dont think there is any meaningful criteria which would distinguish
them, other than the one which got gitlab demoted a few years ago

Re: A+ 0

2024-04-16 Thread bill-auger 
FWIW, i could propose another criteria, which would penalize gitlab for using a
third-party gate-keeper; but one more general - when i was helping with
notabug, we made it a point to ensure that visitors would not need to connect
to any other server - that was accomplished for gogs by serving all scripts from
the same server - so i would propose this (maybe at the A or A+ level?):

> Does not impose connecctions to third-party services.

savannah and notabug would meet that criteria, and gitlab would not

Re: A+ 0

2024-04-16 Thread bill-auger 
On Tue, 16 Apr 2024 11:28:58 -0700 Aaron wrote:
> GitLab has this 
> verification obstacle. This difference is not addressed by your 
> suggested wording.

it could be interpreted that way though, depending on what "viewing" means -
but that cloudflare thing is not "authentication" precisely - that conflicts
more with the discrimination or no-JS criteria; but it is not obvious that it
is a problem - it is not disciminating people; but their choice of client - a
JS-heavy forge like codeberg may not work with all web browsers or curl - i
dont know if that can be a criteria (eg: it must work with all web browsers)

the bug reporting and patches criteria was not intended to address gitlab; but
several forges (savannah, sourceforge, and sr.ht) would meet that criteria, and
it is a rather nice-to-have one

Re: A+ 0

2024-04-16 Thread Aaron Wolf 


On 2024-04-15 10:23, bill-auger wrote:

On Mon, 15 Apr 2024 22:09:20 -0700 Aaron wrote:

indeed the access to git directly is unencumbered, it's only the loading
of the website in a browser that is affected

ok, so i propose working it out this way:

move A+0 to level B or C (specifying that it is WRT the most basic public
access to "source code")


Allows viewing and downloading source code without authenticating.


that seems fine to me

replace A+0 with a new stronger one

Allows bug reporting and offering patches without authenticating.
That seems inadequate to me. It makes zero distinction between Codeberg 
and GitLab. But Codeberg allows far more "without authenticating" such 
as *seeing* issue tickets and so on. Codeberg allows *read* access to 
everything without any sort of verification-wall. GitLab has this 
verification obstacle. This difference is not addressed by your 
suggested wording.