On July 10, 2017 4:53:25 PM EDT, fr33domlover <fr33domlo...@riseup.net> wrote:
>I'm bringing this up especially because right now Snowdrift is using
>proprietary JS, which will surely raise eyebrows sooner or later, and
>regardless of that, I suppose we need this PCI thing. Anyone has
>thoughts about

It'll raise eyebrows sooner or later for sure. However, it is pretty well 
sandboxed (only on one page, after you click a button) and has a prominent 
notice explaining it. Therefore, it should not take priority over other tasks 
needed to get the new design live so we can announce our launch. So for now, 
I'd encourage you to  focus on other work that needs to happen. 

Once we make that announcement (alpha) and start working towards support for 
multiple projects (beta), then it is absolutely a priority. And, of course, I 
can't *dictate* what people work on, only set the project's priorities. Maybe 
you're more motivated to work on this than other stuff, that's fine. If you or 
someone else anyone figures out how to do this well and sends a patch/mr, it 
would still be welcome :)

>My thoughts are:
>- What does PCI compliance affect? If we don't have it, who will it
>bother etc.?
>- How does the FSF handle it? They take donations without a single bit
> proprietary JS. And they are in the US too (except they are legally an
>  official non-profit organization). Maybe we can check how they do it?

These seem like the right questions to ask when we start on implementation. 

Sent from my Android device with K-9 Mail. Please excuse my brevity.
Discuss mailing list

Reply via email to