On 09/01/2016 07:22 AM, Bryan Richter wrote:
> On Thu, Sep 01, 2016 at 05:15:48PM +0300, Bryan Richter wrote:
>> I think we need to bend on this one, accept the realities of 2016, and
>> use stripe.js anyway. We can try to provide advanced warning to
>> LibreJS/noscript fans if it's truly necessary.
> Also, it would be quite simple to restrict inclusion of stripe.js on
> to just a few page(s). Then we can say "Heads up, here's a thing
> that's about to happen" when we send people there.
> It should only be needed when a person adds or modifies their payment
> info. The system provides a token we can use on a recurring basis to
> do transactions later.

Agreed about this compromise, but we should also note that Paypal may
work without JS (not sure), and we could investigate Dwolla and others.
So, for the time where it's just one project:

* First we can work with Stripe's non-free JS reasonably sandboxed to
not interfere where it isn't needed

* Next, after "take my money" start, we can consider other payment
options since no splitting of payments is needed when it's just one project

* Long-term, we can consider what to do, whether we can feasibly manage
with multiple processors for multi-project situation or deal with the
compliance thing. Overall, we can aim to get help from the community at
that point.

I think making this compromise and communicating it is the right decision.

Attachment: signature.asc
Description: OpenPGP digital signature

Discuss mailing list

Reply via email to