Re: CodeBerg addition
From: Aaron Wolf
Subject: Re: CodeBerg addition
Date: Fri, 29 Dec 2023 22:08:31 -0800
Great, thanks for the update! I've done what I could for today,
here are my updates:
C6: https seems fine to me, LE cert and everything checks out in
my browser, is there anything more to review?
B0 LibreJS: https://codeberg.org/assets/js/index.js gets blocked
as not marked in a way LibreJS understands, but there is a license
mention somewhere in the file which links to the MIT license file
for https://github.com/zloirock/core-js which seems to be the
upstream JS used. There are also some accepted trivial in-line
scripts. This seems a LibreJS issue perhaps, the JS is indeed
freely licensed. There is already an issue tracking this at
https://codeberg.org/forgejo/forgejo/issues/1654
It is clear to me that this is a technical detail and not a matter
of whether the JS is free or not.
B1: pass, I have never seen a tracking-tag or any third-party
requests, there's no advertising, no indication of any issue here
B2: I think fail for now unfortunately.
https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md#2-allowed-content-usage
*requires* free software licensing (with a very few reasonable
exceptions). However, the inherited software interface has some
issues. The new-repository settings prompt license choices, links
to https://choosealicense.com/ for license consideration, and that
is neutral on the topic of GPL-N-only. The selection pull-down has
an enormous list which includes the -only licenses as well as all
CC licenses (including non-free) and even outdated old versions.
It also has strange non-free discriminatory licenses like
BSD-3-No-Military.
There is already an issue here:
https://codeberg.org/forgejo/forgejo/issues/1404 and I commented
there about the scope of what I think would resolve this. I
already got a response, and it indicates this should be easy
enough to fix, so we could see this pass soon. Alternatively, I'd
also say this would pass if the Terms were clearer on the N-only
issue.
Note: this criterion B2 could be fleshed out to list more bad
practices such as adding non-free clauses to licenses and using
outdated versions of licenses (though I would not prefer to see
sites fail this criterion just because they decide to include
GPL-2-or-later for compatibility with existing GPL-2 projects).
A0: I lean toward voting for pass, despite not being perfect. The
text shows up "This website requires JavaScript." The site loads
still, and all
content is visible and downloading files works without JS.
Interactions are not quite as smooth though. When I tested posting
a comment, I got a rate-limit notice. That notice does offer to do
some intervention by contacting them. Perhaps they could whitelist
a user account and/or IP in order to bypass rate-limiting. When I
returned to the page in question with JS enabled, my original post did
actually go through. So, it appears that much (if not all) of the
functions are doable without JS if not for the rate-limiting.
A1: I've not further checked, but I'm pretty sure this passes
A2: could be fixed with the items I mentioned above under B2
A4: PASS
"for practical use" is Richard's excuse for using ND
(No-Derivatives) licensing on his political opinion publications.
He insists that works of opinion are distinct from "practical use"
and do not have the issues of freedom that software has. I and
many others disagree and believe that cultural freedom fits all
the same issues. We need not debate this again here, Richard's
views are encoded in the criteria in this case.
The fact is for Codeberg,
https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md#2-allowed-content-usage
makes it clear that all repos must use free licensing, no matter
what type of work it is, "practical" or otherwise.
A5: PASS, pretty sure, there's no service recommendations at all
A6: I vote for passing here actually. Look at
https://docs.codeberg.org/getting-started/what-is-codeberg/ and
see that they mostly use the term "free software" and *not* "open
source". They sometimes say "Free and Open Source Software" but
most of the references are like "On Codeberg you can develop your
own Free Software projects". Overall, Codeberg embraces the term
"free software" and prioritizes it over "open source". I don't
think this criterion should be interpreted as a prohibition on the
term "open source". It's more that this isn't one of those common
places that uses "open source" as their default term. Codeberg is
clearly "free software" focused.
A7: I vote PASS. I see zero space between the FSF's definitions
and Codeberg's understanding. There are some people pushing
against the FSF/GNU understanding, and some opened this issue
https://codeberg.org/Codeberg/Community/issues/385 which I just
now commented on. But the organization has not supported these
directions, though they didn't block or close the discussion.
A9: Fail, though I personally worry that this criterion is out of
alignment with today's common practices even in dedicated free
software in terms of Git and version control management of
licensing. However, I might be wrong and this per-file licensing
really is optimal. I would push to reconsider this criterion and
move it to A+ level at least.
A+1: Pass.
https://codeberg.org/Codeberg/org/src/branch/main/PrivacyPolicy.md
makes it clear they do not log anything about visitors and there
is no reason to doubt this. If we have reason to suspect
otherwise, it would be like revisiting any other issue. Other
services like GitHub have much more invasive privacy policies.
A+2: I believe they pass, we could ask someone on the Codeberg
team to verify. Their Privacy Policy and everything I've seen fits
these recommendations.
A+3: I think they meet most of these, but this is a huge task to
check everything, and I'd doubt they are perfect. How good does
something need to be on these to pass?
A+4: TODO side-note: the link in the criteria needs to be updated,
the new link is https://www.w3.org/WAI/ARIA/apg/practices/
A+5: I think it passes. It's *possible* but not simple. There is
no straightforward data export; there is only API-based
transfer, which is usually done by triggering an import command at
another Forgejo instance. However, there is also a dump-repo
command to export data, though that still does it via the API.
https://codeberg.org/forgejo/forgejo/issues/398 is about improving
that process. https://codeberg.org/forgejo/forgejo/issues/248 is
also relevant. https://codeberg.org/Codeberg/Community/issues/896
is about Codeberg rate-limits delaying or blocking export.
https://codeberg.org/Codeberg/Community/issues/960 is another
issue indicating that exporting is indeed possible but needs
improved process. Here's an issue about export also including user
profile: https://codeberg.org/Codeberg/Community/issues/420 and
again, this is messy but possible and being worked on.
On 2023-12-29 5:19, Fischers Fritz wrote:
Dear associates,
I have begun the review and was pleased with the signup process.
However, I have not received the account yet. Aaron, since you
already have the account, would you like to handle some
of the remaining points? Below are my conclusions so far.
With great honor,
Fischers Fritz
C0: Pass
I registered with w3m.
C1: Pass
I registered with w3m.
C2: Pass
Codeberg bylaws section § 3.1 says.
> Mitglied kann jede natürliche oder juristische Person oder rechtsfähige
> Personengesellschaft werden.
https://codeberg.org/Codeberg/org/src/branch/main/Satzung.md
In English this is
> Every natural person, legal person or legal partnership can become a member.
https://codeberg.org/Codeberg/org/src/branch/main/en/bylaws.md
C3: TODO
C4: Pass
https://codeberg.org/assets/js/licenses.txt
https://codeberg.org/Codeberg/org/src/branch/main/PrivacyPolicy.md
https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md
C5: Pass
Recommends and encourages GPL 3-or-later licensing at least as much as any other kind of licensing. (C5)
> Repository content shall be licensed under an open-source license approved by
> the Free Software Foundation (see list of the FSF) or the Open Source Initiative
> (see list of the OSI).
> Reasonable exceptions are to a very limited extent considered acceptable. For
> example, releasing single logo image files of a FLOSS project under no licence
> or a separate non-free licence that requires derivative works to use their own
> logo that is clearly distinguishable from the original work even in absence of
> trademark registration.
C6: TODO
Support HTTPS properly and securely, including the site's certificates. (C6)
B0: TODO
Review https://codeberg.org/assets/js/licenses.txt
and test with LibreJS.
B1: TODO
B2: TODO
Does not encourage bad licensing practices (no license, unclear licensing, GPL N only). (B2)
B3: Pass
(See C5.)
A0: TODO
Signup worked fine with w3m.
However, I have not received the account, so I have not tested
other functions.
A1: TODO
I think it passes, but I have not checked thoroughly.
A2: Fail
(See C5.)
A3: Pass
(See C5.)
A4: TODO
I believe Codeberg to fail A4, but I am not sure, because I do not understand
the phrase "for practical use". (See C5.) Does somebody know what this means?
A5: Todo
Does not recommend services that are SaaSS. (A5)
A6: FAIL
(See C5.)
A7: TODO
I say pass, but I would like another opinion.
A8: Pass
I didn't notice references to GNU/Linux, GNU, nor Linux.
A9: TODO
A+0: Pass
A+1: TODO
A+2: TODO
A+3: TODO
A+4: TODO
A+5: TODO
Codeberg claims to pass this criterion by being a Forgejo instance.
According to Codeberg, "[b]y choosing a Forgejo instance, you can
easily migrate away from Codeberg in case you don't like it." We can
test the claim by exporting a Codeberg account's data and importing it
to another Forgejo instance.