Re: [Savannah-hackers-public] Quote from Savannah regarding GNU Ethical Repository Criteria for Announcement

[Karl Berry]

Hi Andrew,

    Could you just confirm that it is OK for release

Seems fine to me.

    and representative of your goals?

Just for the record, I wouldn't say "we" have goals in this regard.  The
rules for Savannah are ultimately defined by the FSF, not Savannah
developers.  It is, one might say, a "wholly owned" GNU projectj.  None of
the three most active maintainers involved with Savannah now until
relatively recently (a couple years); obviously we, like any
Savannah contributor, agreed to support and work within the existing goals.

Regarding the criteria:
  http://www.gnu.org/software/repo-criteria.en.html

1) It's unclear to me what "visitor" means to me -- whether it means only
an anonymous visitor, or either anonymous or authenticated.

2) Criteria A+1, "Does not log anything about visitors." is draconian,
and, so far as I can see, directly conflicts with A+2, "Follows the
criteria in the [EFF's best practices]".  The EFF recommends keeping
logs for a short time, but not no logs at all.  Thus there will be the
standard web server access_log / error_log stuff even for anonymous
visitors.  (I doubt it is feasible to 100% turn off *all* logging at
every level, even aside from whether it is desirable.)

Furthermore, if "visitors" includes those who have logged in, it is an
unavoidable aspect of hosting to log many actions, and this is not bad.
Simple example: make a commit -> write repository history.
Another example: update password -> writes database -> database records
transaction.

These too could be construed as logging <something> "about visitors".
Presumably not what A+1 intends, but as written, I wouldn't have a clue
how one could comply with A+1 and still provide standard hosting services.

(If desired, feel free to pass this on to your list, of course.)

Happy hacking,
Karl