Revisit TermsOfUse after Feedback from Codeberg members #18

I believe this should be "notifying maintainers" ?

Wouldn't it be better to communicate Terms of Use changes (which should be relatively infrequent, I presume) via email, instead of relying on people to regularly log into Gitea's web GUI?

We decided on this approach specifically to endorse making smaller changes a bit more often - for example, anyone could create a PR here (e.g. a team of moderators at some point in the future, or a user who finds an issue), the presidium might bundle a bunch of them over a few months and then the association members can decide if they should be used (or maybe even which ones of them).

If that becomes a common process, receiving an email each time is probably quite annoying, and not many people will probably read it there. Ideally, we could make this a part of some email notification settings at some point, but our system doesn't really allow for that yet.

I like the approach of bundling changes over a couple of months, but then receiving an email once or twice a year about TOS changes shouldn't be a big deal, right? :-)

On the other hand, you cannot assume that everyone regularly accesses Codeberg via its web interface. Some people might be using a CLI (e.g. Gitea's "tea" CLI) or mobile app (e.g. GitNex) to interact with Codeberg, while others might have coding-heavy workloads, interacting with Codeberg mainly through Git and Email. Simply shifting the responsibility onto the users by saying "If you do not login for longer than three months, it is your own responsibility to recheck for the current Terms of Use." might be the easy way out, but it's certainly not the right thing to do.

You may also want to review the legal boundaries to one-sided TOS changes under German law in this context.

We had voices telling that they did not want to receive any email notifications about ToS changes, as they are quite annoying. TBH, I never read those, and I'm just annoyed personally, too.

Further, we fear that we can't reach everyone via email, so having it directly in the platform sounded like a good idea.

Lastly, some platforms even say you have to check the ToS prior to every use, so I think this is fine. If someone wants to receive updates, they can just watch this repo here. Maybe we can give this hint somewhere.

While it's true that there are people who don't care about changes to the TOS, there are also people to whom this is very important. So, as long as there's no "opt-out" button to those notifications, the question becomes: Is the very minor inconvenience of having to ignore maybe one or two emails a year for some people worth forcing other people to regularly log into the web interface?

As to your suggestion of just watching this repo: This would mean being notified about any other developments in this repo as well, generating lots of "noise". That would at least be equally, if not more annoying than the proposed TOS-specific emails.

Your concerns about people not being reachable via email are understandable, but that can be mitigated by posting TOS changes both via email and via a message in the web frontend.

Regarding your argument that other platforms are worse: Yes, there most likely are platforms that ask unreasonable and impractical things of their users, such as obligating them to constantly check the TOS for unilateral changes. Regardless of whether that is even legal in Germany, should Codeberg really take that as an excuse to not do it better?

Agreed, I'll try to discuss this if we should still send the mail to everyone.

Other objections IIRC were on the technical side (mail reputation for sending so many emails + we don't have a newsletter system for all Codeberg registered users).

Sorry if the following is not implemented right now - I'm new to Codeberg. Do you have granular notification settings that could allow email notifications only on project releases? Then in this case you could "release" the rolled up smaller changes in larger "releases" and people would only get notified about that.

Regardless of whether this filtering is available, I think this paragraph should definitely mention the already existing possibility of getting email notifications by watching this repo (ideally providing a deeplink to the watch button if possible).

Since you don't actively communicate ToS changes anymore (the user only knows that it was changed when they log in and load up the dashboard), I can't guarantee that I will notice when there is a change I disagree with.
To make sure that I comply with the new ToS I'm deleting my Codeberg account; if I wouldn't, I could suddenly not comply to the ToS at any point of time, unknowingly to me. Actually, at this point of time, I'm in violation of the ToS because I don't agree with it.

I'm sure enough I'm not alone with this.

But before deleting an account I always do a total data takeout.

I wasn't able to find where can I request it, and also the privacy policy does not inform about that. Could you help where can I request it?

But before deleting an account I always do a total data takeout.

I wasn't able to find where can I request it, and also the privacy policy does not inform about that. Could you help where can I request it?

https://codeberg.org/repo/migrate

Codeberg is hosted Gitea, you use either your standard Git tooling for repos or you use the Gitea Migration feature, which supports non-repo content such as Issues.

To make sure that I comply with the new ToS I'm deleting my Codeberg account; if I wouldn't, I could suddenly not comply to the ToS at any point of time, unknowingly to me. Actually, at this point of time, I'm in violation of the ToS because I don't agree with it.

I'm sure enough I'm not alone with this.

AGREE

But before deleting an account I always do a total data takeout.

I wasn't able to find where can I request it, and also the privacy policy does not inform about that. Could you help where can I request it?

https://codeberg.org/repo/migrate

Codeberg is hosted Gitea, you use either your standard Git tooling for repos or you use the Gitea Migration feature, which supports non-repo content such as Issues.

I know it is a Gitea, and also know about the migrate function.
What I meant is a full data takeout on data stored about my account, as it is usually meant.
Also, I don't have repositories, I mostly just opened issues and commented on others.

Still, thank you for your response, it can be helpful for others.

Can you clarify on what content you deem harmful to Codeberg's reputation?

I believe that rule has been simplified a bit, but as far as I know it's mostly content that is directly telling people that Codeberg as a whole is bad, and has that message as one of its main intentions. But it might make sense to clarify that line a bit in a further revision.

How about "Content that harms the reputation of Codeberg without ethical and charitable foundations." ? It would be nice if people weren't made nervous about constructively criticizing Codeberg (although the only repercussion is removal of content!). I think the acceptable barrier is "charitable, ethical criticism".

yes! by example i reported a time ago the bug that migrations from github were broken .. due the constant upgrades.. i mean codeberg is a gitea instance, and gitea developers are knowed for constants upgrades+features event stay solving the issues (of course always paste security fixeds but..), on each new upgrade/release the common is new bugs that relies in those upgrades

This sounds to me a lot like the famous "benchmark prohibition clauses" of various platforms. I.e., I can not maintain a collaborative CSV table of VCS code hosting providers that also lists Codeberg if Codeberg would not be seen as a winner between the alternatives overall.

Is this really what you wanted to codify in your terms of service?

By the way, this is not a hypotethical question, we are in the progress of collaborating in comparing various properties of different software.

Can you clarify on what content you deem harmful to Codeberg's reputation?

5. You must not share any content that's expressing hate or encouraging violence towards a person or group for any reason. We also explicitly do not tolerate:
   • Discriminatory behaviour towards and promoting oppression, especially of marginalized groups on grounds of ethnicity, gender, disability, nationality, education, age, and religion.
   • Violent nationalist propaganda, Nazi symbolism or promoting the ideology of National Socialism.
   • Insults, discriminatory jokes, sexualized comments and other unwanted sexual attention.
   • Sexually obscene content, including content involving the exploitation or sexualization of minors.
   • Content that's glorifying violence; that includes any violent material without a proper content warning.

There was one reason to use Codeberg, and now it is the same faceless authoritarian "we" that gets in without warning or actual compliance.

I am deleting my account.
Edit: Turns out that means having to delete every repo manually.

Can you please clarify what you deem as indirectly "harming Codeberg e.V. or its associated platforms and services"? To me, this point seems overly broad and rather harsh. I'm worried that, with enough creativity, it can be interpreted to include any kind of behavior (including voicing legitimate criticism), intentional or unintentional, directed or accidental, against a set of entities that isn't precisely defined. I'm sure that this is not your intention, since I have gotten to know Codeberg as an open, friendly platform that highly respects their community, and I can understand that you don't want "loopholes" for bad actors on your platform, but I think a "catch-all" clause like this is sending the wrong message with regards to the former.

I would think this more or less refers to § 2 (5), but would agree that this is not specified too well in that case - it could also refer to "direct or indirect damages" in a legal sense.

In any case, the content needs to harm Codeberg e. V. as the association, platform or service - that means that saying something critical against certain people from the association, or criticism towards our bylaws, daily processes, etc., quite definitely can't be interpreted as harming Codeberg e. V., it's more about e.g. telling people to run a DoS attack against us, or running an anti-Codeberg campaign on Codeberg Pages.

In my opinion, this paragraph would benefit from being shortened a bit, to make it more concise. Maybe something like:

Please be aware that this list is neither exhaustive nor complete. An account can get suspended at any time if it is used for activities meant to harm Codeberg e.V. (including the platform and services run by Codeberg e.V.).

Maybe, but we had an internal review and discussion period of more than two months, and I think we are not going to accept further changes during the final voting period. Surely, people already voted on the current version, and we should not just alter it now.

Maybe we can save the suggestions for a next iteration whenever that might be.

The key thing here, I think, is "internal". Correct me, if I'm wrong, but those who aren't members of Codeberg e.V. had no opportunity to provide any feedback on the proposed changes before they were put up for voting. For something as important as the Terms of Service it would have been desirable to at least give those who are affected by the changes a chance to provide their perspective. That way, the community stays involved and motivated.

The motivation behind the non-profit association is to have as many users as possible in there, to represent the userbase of the platform. Only those who are in the association have a vote here.

This pull request here was never meant for more extensive discussion.

While I agree that involving everyone for everything sounds like a good idea, it's notable that participation processes do a lot of work and headache. And for the whole terms of service iteration, this mainly stuck wiht me for the past months.

We have a lot of open issues where we ask for input, and get none. We have a lot more democracy than any comparable service provider. We really value every feedback we get. And everyone can get more access by joining the non-profit association and supporting the project, or using it as a service with a little less involvement.

But I think we should take a step back from utopy, and just save your feedback for a next iteration, as I said. I don't see another option to save me from the burnout I would have if the whole participation campaign was even larger. Thank you for understanding.

Listen, I can absolutely understand that you currently are under a high workload. When a hobby becomes a burden, this is usually a sign to step it down a notch and recharge. I take absolutely no issue with that.

But please, don't imply things that I never said. At no point, I asked for "involving everyone for everything". I also didn't ask you to immediately incorporate my feedback into the new TOS - I am aware that the decision-making process has advanced to a point of no return for this iteration. I am also aware that I have no formal vote, as a non-e.V.-member. All I wanted was to raise awareness for giving the community some time to provide feedback, in future decision-making processes with high community impact.

I have no intention to start a fight or a big argument, but I couldn't leave what you said uncommented, as it was giving an incorrect impression of what I actually meant. I understand that you do not want further discussion of the TOS on this PR and, while I'm not agreeing with your opinion, I am going to respect it by refraining from giving further comments on the TOS. If you want, we can settle the discussion at this point - you don't have to answer to this (unless you want to).

I have no intention to start a fight or a big argument

That wasn't my impression. Thank you for your points after all. I just wanted to outline my motivation behind not doing another public call for review for this document. I'm sorry, my wording was too harsh.

I'm generally in favour of doing more things in the open, and I'm annoyed that some discussions have been started somewhere internally, getting stuck there, but it's also a weird thing to copy them and start anew. I still have to disagree to

That way, the community stays involved and motivated.

Because I don't see many community contributions after all, and I have heard often that the flood of open issues looking for feedback is just overwhelming. I think, sometimes it makes more sense to just create concise polls, e.g. on SocialMedia or better somewhere in the app.

Still, if the effort is equally for a private and public review period, and there are no strong reasons against doing it in public, the latter should be prefered. Maybe we can make this for similar projects in the future.

Just noting: If you have further comments on the proposals, please say them anyway. Codeberg members reading this before voting will surely consider them, and they can be collected for future iterations. I'm tired now, but I'll copy your proposal above in a new branch already.

Have a good evening.

Still, if the effort is equally for a private and public review period, and there are no strong reasons against doing it in public, the latter should be prefered. Maybe we can make this for similar projects in the future.

That sounds like a good way 👍

Have a good evening.

Thanks, you have a good evening too! 🙂

I agree that the association should handle these internally. It is also a nice gesture to offer to discuss suggestions internally in the future.

Involving random crowds can only result in endless bikeshedding. I.e., some point will always be debated by some member of the crowd, even an anonymous competitor in the worst case. This can and will take away all your energy from maintaining and bonding within the association, so you must resist whenever possible.

https://en.wikipedia.org/wiki/Law_of_triviality

i am bit late here but what means "testing repos" how this can be detected, also migrations are marked as migrations? what is the difference between a migrated repo from github that have a lof of new commits pretty different and a simple "mirror by hand" started from migration?

i opened a issue abouot this at #19

From this, I read that if you removed certain content uploaded by someone else in the past, and than I (unknowningly) upload the same or similar content, you may remove my account. This sounds a bit harsh.

Do you perhaps keep a public log of what you have removed in the past so we would know what we can not upload again? I think it would only be fair if we knew the rules in full.

Account removals, if at all, will be determined by looking at that's account violations.

In the past, account suspensions were a very rarely used tool. We usually quarantined content, but people left Codeberg by themself because we are i.e. "not as piracy friendly as other forges" 🤷

it makes sense to me that this sounds as tracked things also must be check the account not the content

What do we mean by "abandoned"?

Which of the following would be sufficient to reset your activity counter once every 365 days?

• Logging in via the web interface
• Complete any athorized git action (push-pull via public key, etc)
• Complete any authorized REST API action (based on token)
• Produce a new commit that is signed off by the account name & email?

Probably everything that is logged as action, we might also consider last login timestamp.

Since your user account already generated some all-time contributions in form of comments, please just accept this term.

Does that include nazi symbols shown in a historical context. For example nazi symbols in games that deal with it in a historical context?
Or programs that use flags to depcit historical countries, like this Wikipedia page does: https://en.wikipedia.org/wiki/1936_Summer_Olympics#Participating_nations

Does that include nazi symbols shown in a historical context. For example nazi symbols in games that deal with it in a historical context?

I was curious myself, so searched around - it appears that in the summer of 2018 the German courts now allow for this specific use:

• https://www.bbc.com/news/world-europe-45142651
• https://www.ign.com/articles/2018/08/09/germany-loosens-censorship-regulations-on-video-games-featuring-nazi-symbols
• https://www.lexology.com/library/detail.aspx?g=dd44ce45-d5cf-4189-a1b6-7bcc7e31605f

I think that those edge cases, if properly disclaimed, wouldn't be removed by the moderation team. I think that such data is a rare edge case, that definitely needs a case-by-case decision anyway.

If we added an exception here, people might just use this as an excuse too quickly.