[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A+ 0
From: |
bill-auger |
Subject: |
Re: A+ 0 |
Date: |
Tue, 16 Apr 2024 00:33:44 -0400 |
On Thu, 21 Dec 2023 19:17:32 -0800 wolftune@riseup.net wrote:
> I don't like the phrase "operate on projects", I don't think that is the key
> point. I think the key point is to access the projects at all.
> Maybe something like this: "Access to any public parts of projects is not
> limited by any form of authentication of visitors." ?
i think i and aaron basically agree - i would not even bother specifying
"public parts of projects" so verbosely - the only "parts" that is important is
the source code - unauthenticated git access alone, would satisfy this; and
every forge that i have ever seen allows that - any other "parts" are the ones
that should require authentication (write access - eg: posting tickets,
offering patches, etc) - even "reading" tickets and patches is not so essential
to software freedom
to swing to that the extreme, one could suggest that people should be able to
send patches and report bugs without authentication; but even savannah does not
allow that
IMHO, my version is concise and adequate
> Allows viewing and downloading source code without authenticating. (A+0)
bearing in mind that this proposal is to elevate A+0, and bearing in mind that
every public forge satisfies A+0 and would not conceive to do otherwise,
because to do so is effectively to make the forge private, what other "public
parts of projects" does that exclude, which are important enough at the B level?
On Thu, 21 Dec 2023 19:17:32 -0800 wolftune@riseup.net wrote:
> Also, I still think "authentication" seems not specific enough. Is it
> "authentication" when GitLab.com does some cloudflare check that blocks the
> entire site from loading upon failure?
yes, that is part of their authentication procedure - that is a separate issue
- that is suggesting "what of the website does not allow some users to login",
which is C2 (Does not discriminate) - the point of A+0 is simply "must you
login?", regardless of how (password, API token, whatever - the form of the
auth is irrelevant
- Re: A+ 0, bill-auger, 2024/04/16
- Re: A+ 0,
bill-auger <=
- Re: A+ 0, Aaron Wolf, 2024/04/16
- Re: A+ 0, bill-auger, 2024/04/16
- Re: A+ 0, bill-auger, 2024/04/16
- Re: A+ 0, Aaron Wolf, 2024/04/16
- Re: A+ 0, bill-auger, 2024/04/16
- Re: A+ 0, Aaron Wolf, 2024/04/16
- Re: A+ 0, bill-auger, 2024/04/16
- Re: A+ 0, bill-auger, 2024/04/16
- Re: A+ 0, bill-auger, 2024/04/16
- Re: A+ 0, Aaron Wolf, 2024/04/16