I recently came upon the GNU ethical repository criteria: https://www.gnu.org/software/repo-criteria.html
I am very pleased to see the FSF take up this issue. There has been far to much apathy on the part of developers regarding the ethics of hosts. It bothers me however that many privacy and security issues that I would consider basic requirements for recommendation are addressed only in the extra credit section. I am a supporter of free software in large part because of it's ability to help offer me better privacy and security. It seems backwards to me to accept services as "recommended" that have with poor or abusive privacy practices. Without violating any criteria in the C-A range a host could store user data indefinitely in unencrypted form, give it to third parties without consent or disclosure, send passwords in plain text over email, etc, etc. I suggest that items A+0, A+1, and A+2 be incorporated into the B or A grades. I think these items address similar concerns as items in lower grades such as B1, C2, and C3. Another possibility is to simply not address any privacy issues to avoid assessing their relative weight. Regards, Niels
signature.asc
Description: OpenPGP digital signature
