[Repo-criteria-discuss] Evaluation: F for git.pantsu.cat

[Juuso Lapinlampi]

I did an evaluation on git.pantsu.cat. It's a very small Git service,
primarily concerned with its own free software projects but also hosts
user repositories on request. If we're concerned about notability, it
lacks notability. In summary, its ethical repository grade is an F.

Previously git.pantsu.cat ran on Gogs, so it was possible to create an
account and start a repository immediately. Now it's running on cgit
0.12 (+ gitolite), so accounts and repositories are managed UNIX-style
by a sysop (ewhal@, later referred by gitmaster role).

Note that I'm really biased for having lots of code in pantsu/pomf
repository as a contributor, so I may also have a conflict of interest
even though I have no sysop responsibilities with hosting the
repositories.

Here's some Markdown-like evaluation:

## C — Acceptable hosting for a GNU package

- C0: **Pass.** cgit doesn't have any JavaScript in default install. All
  site functionality works without non-free software.
- C1: **Pass.** No non-free software is required to manage repositories,
  Git and SSH will do. There are no Adobe Flash components.
- C2: **Pass (weak).** Pantsu.cat does not have an explicit policy about
  non-discrimination of users or any country.
- C3: **Pass (weak).** There are no restrictions on Tor access, no
  CAPTCHAs to complete. Where Pantsu.cat falls short is the lack of
  `.onion` address for Tor users.
- C4: **Fail (weak).** Pantsu.cat does not have terms of service for its
  Git repository hosting. Implicitly, this means Pantsu.cat may do what
  it likes.
- C5: **Fail.** Pantsu.cat does not recommend or encourage any
  licensing, including free software licenses.
- C6: **Pass.** git.pantsu.cat uses HTTPS with modern best practices.

## B — Good enough to recommend

- B0: **Pass.** As there's no JavaScript sent to the user's browser, the
  parts about LibreJS are not applicable. The HTML markup is generated
  by free software running on the server, cgit.
- B1: **Pass.** git.pantsu.cat does not make any third party requests
  and doesn't track the users.
- B2: **Fail (weak).** See C5: Pantsu.cat does not encourage any form of
  licensing.
- B3: **Pass (weak).** Pantsu.cat doesn't recommend any sort of
  licensing.

## A — Excellent

- A0: **Pass.** No JavaScript or other code is sent to the browser.
  Search, download, tree and commit viewing et cetera work without any
  JavaScript. Creating repositories and managing permissions for them is
  not a feature in cgit, thus this management happens via email or IRC
  with the webmaster or gitmaster.
- A1: **Pass.** Both gitolite and cgit are free software released under
  the GNU General Public License, version 2 (only).
- A2: **Fail.** Pantsu.cat does not encourage adoption of the
  GPL 3-or-later.
- A3: **Fail (weak).** The choice of license is left up to the user. At
  minimum, there is no education of AGPL 3-or-later as a licensing
  option for software.
- A4: **Fail.** There is no explicit policy against non-free software
  for works for practical use. The licensing is left up to the user.
- A5: **Pass.** There are no SaaSS misfeatures in cgit to be aware of.
- A6: **Fail (weak).** Pantsu.cat does not endorse free software, but
  also doesn't say "open source" nor endorses non-free software.
- A7: **Fail (weak).** While privately Pantsu.cat is pretty liberal and
  shares at least some of the Free Software Movement's ideas of freedom,
  there is no public statement supporting this criteria.
- A8: **Pass (weak).** There's no mention of "Linux" nor "GNU/Linux"
  anywhere. Privately in IRC conversations within Pantsu.cat's projects,
  there is a clear distinction between the GNU operating system and the
  kernel Linux in those conversations.

## A+ — Extra credit

- A+0: **Pass.** No authentication is required to view repository files
  and to download project source over `https://` and `git://`. `ssh://`
  requires authentication due to technical limitations. `https://`
  provides the same cloning functionality over a secure connection. All
  repositories are public.
- A+1: **Fail (weak).** Pantsu.cat does not publish its configuration
  and doesn't have a privacy policy or a more specific policy about
  logging visitors. `pantsu/pomf` repository's FAQ states that there is
  no logging, but it is uncertain if this is the case for git.pantsu.cat
  today.
- A+2: **Fail.** Notably, Pantsu.cat lacks "procedures for dealing with
  legal information requests and providing notice to users."
- A+3: **Fail.** cgit does not use many semantical HTML elements for
  accessibility.
- A+4: **Fail.** See A+3 for the issue.
- A+5: **Fail (weak).** There is no web UI login functionality as seen
  in much larger, featureful Git interfaces. As such, there is not much
  to export. Git repositories are easy to clone, but there's no easy way
  to export gitolite config for the repository or any other UNIX-like
  account settings, such as public keys added to the repository for
  management. It is possible to request the gitmaster to provide this
  information via email, but this option is not publicly and explicitly
  expressed on any page.

I'll see about doing a re-evaluation later, once the gitmaster has
improved the fulfillment of the criterias.