repo-criteria-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What does it matter, gitlab.com does not meet C-level for a long tim


From: Aaron Wolf
Subject: Re: What does it matter, gitlab.com does not meet C-level for a long time
Date: Thu, 31 Oct 2019 13:45:30 -0700

On 2019-10-31 1:36 p.m., Dmitry Alexandrov wrote:
> Aaron Wolf <address@hidden> wrote:
>> On 2019-10-31 10:30 a.m., Dmitry Alexandrov wrote:
>>> Aaron Wolf <address@hidden> wrote:
>>>> On 2019-10-31 8:09 a.m., Dmitry Alexandrov wrote:
>>>>> bill-auger <bill-auger@peers.community> wrote:
>>>>>> the answer is most likely that things have changed; and these things 
>>>>>> need to be re-evaluated from time to time - evaluations are done by 
>>>>>> members of the community - are you volunteering?
>>>>>
>>>>> There is actually nothing much to volunteer to, I already mentioned all 
>>>>> the essential points: gitlab.com website is unusable without ad-hoc 
>>>>> software, which is not free because no sources are provided (sourcemaps 
>>>>> are bogus).
>>>>
>>>> On CAPTCHA, GitLab is in testing on the roll-out of a different approach: 
>>>> https://gitlab.com/gitlab-org/gitlab-foss/issues/46548
>>>
>>> Nice to hear that, yet it does not amend the fact that gitlab.com 
>>> webinterface is unusable without running nonfree scripts.
>>>
>>
>> Please distinguish between "nonfree scripts" and "librejs-unrecognized 
>> scripts".
> 
> I do distinguish:
> | Its web-frontend is absolutely unusable without running ad-hoc scripts, 
> which are, of course, not marked as free in a way recognizable by LibreJS or 
> in any other consistent way, and actually, they are _not_ free: sourcemaps 
> are bogus.
> — <address@hidden>
> 
>> "All client-side JavaScript (when served directly or after being compiled, 
>> arranged, augmented, or combined), is licensed under the "MIT Expat" 
>> license."
> 
> A free licence is not enough to make a piece of code free.  The complete 
> correspondent source should be provided.
> 

Thanks, that's good clarification. We should probably contact them to
bring up this concern. It's not merely a concern about LibreJS
recognition. The concern is whether the corresponding source is available.

I do think there's a bare-minimum where the source *is* available even
if there's no helpful documentation about how to find it. In other
words, it's ideal if they would work with LibreJS and still something if
they would make it readily clear how to get the source for each script
even if it's not LibreJS-recognized. However, if we can in fact find
somehow the valid source for all scripts, even if we have to do some
asking or searching, then that still qualifies as free.

By contrast, if only minimified/compiled JavaScript is available under
the free license and the source for it is not, then that's more
significant. We should verify this situation with them and push them to
make the situation clearer.

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]