~sircmpwn/sr.ht-discuss

1

I'd like to get sourcehut evaluated as part of the GNU Ethical Repository Criteria Evaluations

Details
Message ID
<87a79fifzl.fsf@fsf.org>
DKIM signature
missing
Download raw message
https://www.gnu.org/software/repo-criteria-evaluation.html Is there
anyone who is interested in assisting with this?  If you are, please
join the mailing list and mention so there:
https://lists.gnu.org/mailman/listinfo/repo-criteria-discuss Some of the
main work is to go through the criteria and compare/test the site and
document what is found.

I could potentially also do some work to increase its rating before the
evaluation is complete.

-- 
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org
Details
Message ID
<BY4SP60PHM4J.OFO3GMYYJ3OK@homura>
In-Reply-To
<87a79fifzl.fsf@fsf.org> (view parent)
DKIM signature
missing
Download raw message
Just glanced over the criteria.

C:

As far as I can tell, we meet all of the criteria for C, except C2,
which I may not be legally allowed to fulfill (I have to comply with US
trade sanctions).

B:

We don't have LibreJS indicators for the one or two scripts on the site,
but the scripts are optional anyway. Other criteria fulfilled.

A:

A2, A4, A8: NACK, do not intend to fix. These are more about "making GNU
happy" than "ethical repository criteria".

A4: NACK, but I might change my mind at some point.

A9: I don't really think this is necessary, a single LICENSE or COPYING
file should be suitable. I would be interested in adding a feature which
warns repo owners if their repo is missing one of these files.

A+:

A+1: NACK, we need to do this for security reasons. One example is that
we log every log in and log out attempt and monitor it for unusually
high activity, which alerts us if someone is attempting to access
another user's account. Old information is deleted periodically.

A+5: This is a blocker for the production cycle, but isn't done.

The rest of these criteria are laudable but not currently on the
roadmap, help here would be welcome.

In short, I think we could easily qualify for a B rating, but the A
rating is kind of GNU biased and I'm not really into it.
Reply to thread Export thread (mbox)