Re: Feedback wanted: syntax highlighting in the LilyPond documentation

[Jean Abou Samra]

[Aaron]

> On 2022-01-04 11:32 am, Jean Abou Samra wrote:
>
> Always best to consult a lawyer on legal matters.


The wife of my cousin is actually a lawyer.
Sadly (but very happily in fact), she gave
birth yesterday, so she will not be in a position
to answer before a while :-)



> My layman understanding is that GDPR generally deals with information 
> that passes through servers that might be retained without offering 
> some form of end-user control.  Use of localStorage, rather than 
> cookies, should mean no settings ever need to be sent to the server.  
> Users are entirely in control of this local data, although I suppose 
> some browsers make it easier to access than others.
>
> For those with privacy or security concerns, the web site source still 
> remains entirely auditable as everything with styling is done local on 
> the browser.  And the code in question should be so trivial that there 
> is no need to minify/uglify it, so that preserves readability and 
> hopefully earns some trust that we are not doing anything shady.



That would also be my expectation, but see below.


> > Other than that, well, there is still JavaScript.
> > That's may not be the thing to be most happy about, but
> > we could check how LibreJS handles that JavaScript,
> > possibly adding stylized license comments, so that
> > it would be no problem to those people refusing non-free
> > JavaScript using LibreJS/IceCat. All in all this approach
> > does look promising to me.
>
> I think I am not understanding the concerns around licensing.


Me neither :-)

Basically, the root is this:

https://www.gnu.org/philosophy/javascript-trap.en.html

And this gives a bunch of advice for indicating
JavaScript code licenses:

https://www.gnu.org/software/librejs/free-your-javascript.html

Whatever your or my opinion, LilyPond is part of
GNU, so it has to stand with the FSF. Therefore
it is important to keep the website working with
LibreJS.

But I'm probably fretting for something that is
very easy in the end.



> At the end of the day, if someone does not want to use JavaScript, 
> then the functionality will not work. We should make sure the default 
> behavior of the site is sound for such cases, so no one feels they 
> have to enable JS if they do not wish.  That might mean the standard 
> styling needs to be black and white if that creates the least friction 
> for users.


If we add a toggle for switching highlighting on and
off, then the next question will of course be what
the default should be. Without surprise, I would prefer
if it were on by default, but I wouldn't mind the
other way.




Le 04/01/2022 à 21:31, Wol a écrit :
> On 04/01/2022 19:32, Jean Abou Samra wrote:
> > Forgive my igorance with the inner workings of the
> > Internet: what does this mean in connection with GDPR
> > and all that? Am I right that the fact that the
> > information stored on the user's device serves
> > a purpose essential to satisfying the very request
> > of the user means that it would fall under PECR
> > exceptions to the requirement of a banner asking
> > for explicit consent of the user? Otherwise, as
> > far as I can read, the requirement is that you
> > must ask for permission before storing or using
> > the data, so this permission could be asked
> > to the reader just when toggling highlighting
> > and not for everyone reading the documentation,
> > right? I'm a bit at loss trying to understand
> > what is OK or not in this respect.
>
> The fact that it's stored on the user's own device (and the server 
> never sees it) means that the GDPR is irrelevant.
>
> The GDPR places an onus on you to take appropriate care of OTHER 
> PEOPLES' information. If you never have that information, then the 
> GDPR is irrelevant. If you only have that information transiently, for 
> the purpose of satisfying the user's web session, then I guess you 
> just need to make sure that it's wiped when the session ends.
>
> The big problem actually is with the webserver itself. If it keeps 
> logs of people accessing the website, those logs are far more of a 
> GDPR problem than all this stuff on the web site.



Are you sure about that? This is one page that drew
my attention:

https://law.stackexchange.com/questions/30739/do-the-gdpr-and-cookie-law-regulations-apply-to-localstorage


Emphasis mine:

  Member States shall ensure that the **storing of information**, or
  the gaining of access to information already stored, in the terminal
  equipment of a subscriber or user is only allowed on condition that
  the subscriber or user concerned has given his or her consent, having
  been provided with clear and comprehensive information, in accordance 
with
  Directive 95/46/EC, inter alia, about the purposes of the processing.
  This shall not prevent any technical storage or access for the sole
  purpose of carrying out the transmission of a communication over an
  electronic communications network, or as strictly necessary in order
  for the provider of an information society service explicitly requested
  by the subscriber or user to provide the service.

That is the part I wonder about.

Cheers,
Jean