On Fri, Feb 09, 2018 at 03:09:34PM -0200, Adonay Felipe Nogueira wrote:
I think you're speculating. Please state clearly what parts should be patched (it's GPL software!).
I have started a detailed review in [1]. Discourse has a revision currently approved in the FSD (from 2015, according to the page's history), but this was long before the JavaScript trap article (and issues pointed there) came to exist.
Anyways, in [1] there is shown the output of LibreJS in a demo instance of Discourse. There is also a more detailed evaluation in a posterior section, but only raw results are there (no cleaning was made so far).
Hi Adonay, thanks for taking this up!
So what does it say? AFAIK it seems that LibreJS fails to recognize a number of Brotli-compressed assets. But I see no non-free code over there. What would help LibreJS to go green? I guess some licensing tag in the HTML would help it, but apart from that I see no reason to change the FSD approval: do you see any?
Well, the good thing with Discourse is that you can use it by email when it's properly setup to do so.
I hope it's not one of those no-reply emails. ;)
The From: email address is configurable, so you can use a no-reply email. Actually I came to create a private category for Staff and assign it the 'no-reply' address, so that any reply comes to that as a new topic ; you may also assign the address to a group so it becomes like a support email.
== hk