On 06/03/2016 08:39 AM, Ian Jackson wrote:
I have a rather serious problem with the GNU Ethical Repository
Criteria.
The main one is that
Server code released as free software. (A1)
is in category A.
I don't think the GNU Project (or anyone concerned with Software
Freedom) ought to recommend hosting services which do not meet this
criterion. Benjamin Mako Hill made the general point forcefully in
his excellent article "Free Software Needs Free Tools" in 2010:
https://mako.cc/writing/hill-free_tools.html
For a comparison to what another project does: Debian does not run any
official services (including team-specific code hosting, bug tracking,
mailing lists, etc.), on non-free software.
Personally I would be tempted to argue that this criterion ought to be
bumped up to required-for-C. (Although it's a bit odd that
"Acceptable hosting for a GNU package" and "Good enough to recommend"
are the way round they are.) But I can see that with the greater
workflow diversity of the GNU packages, this may be impractical.
Certainly I think it should be bumped up to required-to-B.
Conversely, the focus on non-free JavaScript is quixotic. When a user
is using a proprietary website, it does not matter much whether the
javascript fragments or javascript libraries sent by the server happen
to be Free. The user is still hostage to the whole website: they
cannot suggest improvements; they cannot set up and move to a
competing platform with their desired changes; and so on.
I understand where the original distinction between server-side code
and browser-side code comes from: the idea that _the user_ should not
be required to run non-free software, particularly on their computer.
In many contexts, particularly software packages and operating system
distributions, this distinction makes a lot of practical sense. (And
is also a pragmatic response to the real boundaries in real deployed
systems.)
But in the context of web applications, I think it is silly.
I agree that Javascript is problem and I mostly run with Javascript
turned off. But I am hardly any better off with an unminified ancient
jQuery (or whatever) than with a minified hacked-up proprietary
jQuery.
So we should not be /recommending/ sites which /require/ Javascript.
If it were up to me I would demote the criterion C0, which relates to
nonfree Javascript, to required-for-B. I would promote the criterion
A0 to required-for-B. I would demote the LibreJS labelling criterion
(B0) to required-for-A.
The result would be that we would only recommend sites which were
actually Free Software. But that any site which _is_ Free Software
could be recommended.
If the site doesn't have the LibreJS labelling, no doubt the site
operators would welcome patches to add it!
Thanks,
Ian.
FWIW, I agree 100% with everything you just wrote, Ian.
Unfortunately, GNU as a project, with RMS leading still, seems to have
decided that the free/libre status of services that make sense as
services (i.e. are not SaaSS strictly) is beyond the core scope of
things and is just a nice-to-have rather than essential. Still, maybe
people can be convinced that it deserves B level rather than A.
Regarding client-side JS, I have the sense that it *can* be kinda
powerful and not as strictly sandboxed in the browser as one might hope.
So, personally, I think whether the JS is freely-licensed or not is less
of an issue than whether it does objectionable things or not.
(Just speaking for myself as a volunteer here, one who participated in
this process)