# HG changeset patch # User František Kučera # Date 1569508025 -7200 # Node ID 8d0d0afb75f3b80730cb5842e27d386b6be6b5cc # Parent 04190261ad54b77a4fd3bd175de41999dcb54dfd Communication with users and developers – clean-up, improve diff -r 04190261ad54 -r 8d0d0afb75f3 text/ssm.en.xml --- a/text/ssm.en.xml Thu Sep 26 00:37:37 2019 +0200 +++ b/text/ssm.en.xml Thu Sep 26 16:27:05 2019 +0200 @@ -220,7 +220,7 @@ f3afbaf2-0933-43d2-aed0-8dc568b9429f a96206c9-3e69-483d-b575-6bab9dec4a30 - correctness, safety and readability is prefered to performance + correctness, safety and readability is preferred to performance d8eba0dd-4305-44b9-80ea-4c38b6dfa633 @@ -445,103 +445,51 @@ - Communication channels + Communication with users and developers a931dcbb-8043-4e21-838f-8e8122bb8af3 fff90688-907e-48eb-a48a-2ae6d6b42f0a - use RSS/Atom or other machine readable format for: - - ce9ffd67-627b-4067-ae34-f56ffbcac972 - security announcements - - - f4c0b757-1fee-4d6d-8b30-808b4787fb5e - new version announcements - - - b17dbc84-4119-4706-acd8-61421a384246 - infrastructure outage announcements - - - f3063520-5e7a-4aa0-95f6-505775556120 - blog, documentation, how-tos etc. - - - e2434bd6-c838-479a-a636-f277003ebe7c - AFK events (conferences, meetings, hackatons etc.), for calendar data iCal format is strongly recommended - + Following information should be provided in RSS/Atom or other machine readable format: + announcements (security, new versions, infrastructure outage), + blog posts, tutorials + and AFK events (e.g. conferences, meetings or hackatons). + for calendar data iCal format is strongly recommended e8b18e02-d7b2-4584-8eee-dbaf823f6800 - mailing list - - - a35328fe-a177-4d6a-a3d2-2cc8fa0cb6f7 - e-mail/SMTP - - f40e9a23-b2ca-4052-949e-f4358844f5a2 - use TLS - - - bc444281-5c76-43a9-b5ef-46306cbb2bf9 - use DKIM/ADSP - - - a2852409-806f-480c-8700-141ace86f322 - use signed and encrypted messages (GnuPG or X.509) - - - da2b84bd-a20d-4e76-af14-740a7c9ccfb3 - avoid spam and viruses, do not spam the users, do not push them to subscribe your „newsletter“ – always offer also anonymous channel like RSS/Atom - - - - ec4c92b6-83e5-4051-9aef-fa7d02e292b8 - Jabber MUC or IRC - - - f50d17bd-701f-45f9-aae4-86bfcf34cd7c - discussion forum + A mailing list (e-mail conference) or other equivalently open and decentralized technology should be used for the many-to-many communication. + Having an „old school“ mailing list is not mandatory – it might be e.g. a P2P distributed technology or some self-hosted forum. e746eb5b-8d8b-4ec8-9315-a311f35e156a - do not push users to register at a proprietary social networks resp. at particular company like Facebook – users without such account must not be discriminated – use open and decentralized networks/protocols instead - - - a1a3c037-37e3-4283-abab-e275f7d17442 - Q&A tool + FAQ + Users must not be pushed to register at a proprietary social networks resp. at particular providers of such services. + Users without such account must not be disadvantaged – use open and decentralized networks/protocols instead. ff537045-819e-4dec-a020-d2c9f2c3292b - there should be a second-level internet domain for the project or its team - - - b54d4978-974b-4743-bdba-7d4957bc9ba7 - but do not buy an internet domain if you are not prepared to mainain it for decades – rather use third level domain under some reliable second level domain maintained by a credible group or person – think of that every expired domain helps spammers and scammers and hurts the users + There should be a second-level internet domain for the project or its team. + But do not buy an internet domain if you are not prepared to mainain it for decades – rather use third level domain under some reliable second level domain maintained by a credible group or person – think of that every expired domain helps spammers and scammers and hurts the users. a1141312-5177-4d68-bb14-fce952d542c3 - URLs should be as stable as possible (do not break old links, set up redirections if needed) + URLs should be as stable as possible – accessible in next decade. + Do not break old links, set up redirections if needed. c5b6d3d7-2f1f-4371-acfa-d6af1588c2cb - the website must be independent and must contain everything needed – any content (JavaScripts, CSS, fonts, images etc.) downloaded from other domains must not be required to browse/use the website + The website must be independent and must contain everything needed – any content (JavaScripts, CSS, fonts, images etc.) downloaded from other domains must not be required to browse/use the website. + Embedded content from the third-party servers causes leaks of sensitive data (tracking of the users) and also denies decentralized nature of the internet. - c1d9052d-dfe5-4fce-a82c-d618dc4689fa - authors should publish their public keys (GnuPG/OpenPGP or X.509) + d5fbcc9e-a12c-44ce-909b-f514a579ab7e + JavaScript or other code executed on client computers must be also free software with properly declared license. + see https://www.gnu.org/software/librejs/ c89e8699-574c-4b28-9f65-6284d6051f68 - crpyptographically secured e-mail address or web form for receiving security vulnerabilities report - - - b6cf8d5f-0fc9-46f7-8e38-8342a1229037 - every security incident must be clearly documented and investigated – do not obscure it - - - e41134a4-715c-4926-a7df-01ff3759eda1 - There should be public directory of extensions/scripts. + There must be a crpyptographically secured (GnuPG/OpenPGP or X.509) e-mail address or a secure web form for receiving security vulnerabilities reports. + Particular authors should publish their public keys. + Every security incident must be clearly documented and investigated – do not obscure it. fed07648-106a-4b7c-9026-509c82109448