Great, thanks for the update! I've done what I could for today,
here's my updates:
C6: https seems fine to me, LE cert and everything checks out in
my browser, is there anything more to review?
B0 LibreJS: https://codeberg.org/assets/js/index.js
gets blocked as not marked in a way LibreJS understands, but
there is a license mention somewhere in the file which links to
the MIT license file for https://github.com/zloirock/core-js
which seems to be the upstream JS used. There are also some
accepted trivial in-line scripts. This seems a LibreJS issue
perhaps, the JS is indeed freely licensed. There is already an
issue tracking this at https://codeberg.org/forgejo/forgejo/issues/1654
It is clear to me that this is a technical detail and not a
matter of whether the JS is free or not.
B1: pass, I have never seen a tracking-tag or any third-party
requests, there's no advertising, no indication of any issue
here
B2: I think fail for now unfortunately.
https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md#2-allowed-content-usage
*requires* free software licensing (with a very few reasonable
exceptions). However, the inherited software interface has some
issues. The new-repository settings prompt license choices,
links to https://choosealicense.com/
for license consideration, and that is neutral on the topic of
GLP-N-only. The selection pull-down has an enormous list which
includes the -only licenses as well as all CC licenses
(including non-free) and even outdated old versions. It also has
strange non-free discriminatory licenses like BSD-3-No-Military.
There is already an issue here: https://codeberg.org/forgejo/forgejo/issues/1404
and I commented there about the scope of what I think would
resolve this. I already got a response, and it indicates this
should be easy enough to fix, so we could see this pass soon.
Alternatively, I'd also say this would pass if the Terms were
clearer on the N-only issue.
Note: this criterion B2 could be fleshed out to list more bad
practices such as adding non-free clauses to licenses and using
outdated versions of licenses (though I would not prefer to see
sites fail this criterion just because they decide to include
GPL-2-or-later for compatibility with existing GPL-2 projects).
A0: I lean toward voting for pass, despite not being perfect.
The text shows up "This website
requires _javascript_." The site loads still, and all
content is visible and downloading files works without JS.
Interactions are not quite as smooth though. When I tested
posting a comment, I got a rate-limit notice. That notice does
offer to do some intervention by contacting them. Perhaps they
could whitelist a user account and/or IP in order to bypass
rate-limiting. When I returned to the page in question with JS
enabled, my original post did actually go through. So, it
appears that much (if not all) of the functions are doable
without JS if not for the rate-limiting.
A1: I've not further checked, but I'm pretty sure this passes
A2: could be fixed with the items I mentioned above under B2
A4: PASS
"for practical use" is Richard's excuse for using ND
(No-Derivatives) licensing on his political opinion
publications. He insists that works of opinion are distinct from
"practical use" and do not have the issues of freedom that
software has. I and many others disagree and believe that
cultural freedom fits all the same issues. We need not debate
this again here, Richard's views are encoded in the criteria in
this case.
The fact is for Codeberg,
https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md#2-allowed-content-usage
makes it clear that all repos must use free licensing, no matter
what type of work it is, "practical" or otherwise.
A5: PASS, pretty sure, there's no service recommendations at all
A6: I vote for passing here actually. Look at https://docs.codeberg.org/getting-started/what-is-codeberg/
and see that they mostly use the term "free software" and *not*
"open source". They sometimes say "Free and Open Source
Software" but most of the references are like "On Codeberg you
can develop your own Free Software projects". Overall, Codeberg
embraces the term "free software" and prioritizes it over "open
source". I don't think this criterion should be interpreted as a
prohibition on the term "open source". It's more that this isn't
one of those common places that uses "open source" as their
default term. Codeberg is clearly "free software" focused.
A7: I vote PASS. I see zero space between the FSF's definitions
and Codeberg's understanding. There are some people pushing
against the FSF/GNU understanding, and some opened this issue https://codeberg.org/Codeberg/Community/issues/385
which I just now commented on. But the organization has not
supported these directions, though they didn't block or close
the discussion.
A9: Fail, though I personally worry that this criterion is out
of alignment with today's common practices even in dedicated
free software in terms of Git and version control management of
licensing. However, I might be wrong and this per-file licensing
really is optimal. I would push to reconsider this criterion and
move it to A+ level at least.
A+1: Pass. https://codeberg.org/Codeberg/org/src/branch/main/PrivacyPolicy.md
makes it clear they do not log anything about visitors and there
is no reason to doubt this. If we have reason to suspect
otherwise, it would be like revisiting any other issue. Other
services like GitHub have much more invasive privacy policies.
A+2: I believe they pass, we could ask someone on the Codeberg
team to verify. Their Privacy Policy and everything I've seen
fits these recommendations.
A+3: I think they meet most of these, but this is a huge task to
check everything, and I'd doubt they are perfect. How good does
something need to be on these to pass?
A+4: TODO side-note: the link in the criteria needs to be
updated, the new link is https://www.w3.org/WAI/ARIA/apg/practices/
A+5: I think it passes. It's *possible* but not simple. There is
not a straight-forward data exporting, there is only API-based
transfer which is usually done by triggering import command at
another Forgejo instance. However, there is also a dump-repo
command to export data, though that still does it via the API. https://codeberg.org/forgejo/forgejo/issues/398
is about improving that process. https://codeberg.org/forgejo/forgejo/issues/248
is also relevant. https://codeberg.org/Codeberg/Community/issues/896
is about Codeberg rate-limits delaying or blocking export. https://codeberg.org/Codeberg/Community/issues/960
is another issue indicating that exporting is indeed possible
but needs improved process. Here's an issue about export also
including user profile: https://codeberg.org/Codeberg/Community/issues/420
and again, this is messy but possible and being worked on.
On 2023-12-29 5:19, Fischers Fritz
wrote:
Dear associates,
I have begun the review and was pleased with the signup process.
However, I have not received the account yet. Aaron, since you
already have the account, would you like to handle some
of the remaining points? Below are my conclusions so far.
With great honor,
Fischers Fritz
C0: Pass
I registered with w3m.
C1: Pass
I registered with w3m.
C2: Pass
Codeberg bylaws section § 3.1 says.
> Mitglied kann jede natürliche oder juristische Person oder rechtsfähige
> Personengesellschaft werden.
https://codeberg.org/Codeberg/org/src/branch/main/Satzung.md
In English this is
> Every natural person, legal person or legal partnership can become a member.
https://codeberg.org/Codeberg/org/src/branch/main/en/bylaws.md
C3: TODO
C4: Pass
https://codeberg.org/assets/js/licenses.txt
https://codeberg.org/Codeberg/org/src/branch/main/PrivacyPolicy.md
https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md
C5: Pass
Recommends and encourages GPL 3-or-later licensing at least as much as any other kind of licensing. (C5)
> Repository content shall be licensed under an open-source license approved by
> the Free Software Foundation (see list of the FSF) or the Open Source Initiative
> (see list of the OSI).
> Reasonable exceptions are to a very limited extent considered acceptable. For
> example, releasing single logo image files of a FLOSS project under no licence
> or a separate non-free licence that requires derivative works to use their own
> logo that is clearly distinguishable from the original work even in absence of
> trademark registration.
C6: TODO
Support HTTPS properly and securely, including the site's certificates. (C6)
B0: TODO
Review https://codeberg.org/assets/js/licenses.txt
and test with LibreJS.
B1: TODO
B2: TODO
Does not encourage bad licensing practices (no license, unclear licensing, GPL N only). (B2)
B3: Pass
(See C5.)
A0: TODO
Signup worked fine with w3m.
However, I have not received the account, so I have not tested
other functions.
A1: TODO
I think it passes, but I have not checked thoroughly.
A2: Fail
(See C5.)
A3: Pass
(See C5.)
A4: TODO
I believe Codeberg to fail A4, but I am not sure, because I do not understand
the phrase "for practical use". (See C5.) Does somebody know what this means?
A5: Todo
Does not recommend services that are SaaSS. (A5)
A6: FAIL
(See C5.)
A7: TODO
I say pass, but I would like another opinion.
A8: Pass
I didn't notice references to GNU/Linux, GNU, nor Linux.
A9: TODO
A+0: Pass
A+1: TODO
A+2: TODO
A+3: TODO
A+4: TODO
A+5: TODO
Codeberg claims to pass this criterion by being a Forgejo instance.
According to Codeberg, "[b]y choosing a Forgejo instance, you can
easily migrate away from Codeberg in case you don't like it." We can
test the claim by exporting a Codeberg account's data and importing it
to another Forgejo instance.