On July 10, 2017 4:53:25 PM EDT, fr33domlover <fr33domlo...@riseup.net> wrote:
>I'm bringing this up especially because right now Snowdrift is using Stripe's
>proprietary JS, which will surely raise eyebrows sooner or later, and
>regardless of that, I suppose we need this PCI thing. Anyone has thoughts
>about it?

It'll raise eyebrows sooner or later for sure. However, it is pretty well 
sandboxed (only on one page, after you click a button) and has a prominent 
notice explaining it. Therefore, it should not take priority over other tasks 
needed to get the new design live so we can announce our launch. So for now, 
I'd encourage you to focus on other work that needs to happen.

Once we make that announcement (alpha) and start working towards support for 
multiple projects (beta), then it is absolutely a priority. And, of course, I 
can't *dictate* what people work on, only set the project's priorities. Maybe 
you're more motivated to work on this than other stuff, that's fine. If you or 
someone else figures out how to do this well and sends a patch/mr, it
would still be welcome :)

>My thoughts are:
>
>- What does PCI compliance affect? If we don't have it, who will it bother
>  etc.?
>- How does the FSF handle it? They take donations without a single bit of
>  proprietary JS. And they are in the US too (except they are legally an
>  official non-profit organization). Maybe we can check how they do it?

These seem like the right questions to ask when we start on implementation. 

Cheers, 
Stephen
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
Discuss mailing list
Discuss@lists.snowdrift.coop
https://lists.snowdrift.coop/mailman/listinfo/discuss
