From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id qLoiJWqfxWIDIwEAbAwnHQ (envelope-from ) for ; Wed, 06 Jul 2022 16:42:50 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id UEAjJGqfxWKWJQAAG6o9tA (envelope-from ) for ; Wed, 06 Jul 2022 16:42:50 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 0525A37D97 for ; Wed, 6 Jul 2022 16:42:50 +0200 (CEST) Received: from localhost ([::1]:57254 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1o96Er-0008PS-3B for larch@yhetil.org; Wed, 06 Jul 2022 10:42:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:46034) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1o96EQ-0008P6-CX for emacs-orgmode@gnu.org; Wed, 06 Jul 2022 10:42:22 -0400 Received: from sonic315-20.consmr.mail.ne1.yahoo.com ([66.163.190.146]:46547) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1o96EO-0006cF-Ea for emacs-orgmode@gnu.org; Wed, 06 Jul 2022 10:42:22 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aol.com; s=a2048; t=1657118538; bh=uN0PvzQOvauUO57JyW66bmoO+5YZrgqj5IgUEKakqvc=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From:Subject:Reply-To; b=hLoXuTBp2sa6m7IQLczzRbFmdNZU2Mcus/PPsG5fBKylbNxN2cqZnZXVP4LVv5xfI4I22NmgTprpLtiJuRZ4/WFTCrM6b7OV0oCAdfyXk2hmtyJzaYL9mtxWornzSNASTOFtGWmz1GhjEugSzaiuV7T4vY61pKeyyh6yQt4FRVHG77hkN6FiF1mjR5cXWw5BM4qZM4JuDKWLpUQ4qzCjuBeE2AH7VsKBDZXSDOsXapeO4KsT0cCck7x3fr+dcVVnYTdyUZHGHhUXI9VkdbmIC8ucpOkKJKu6P4ZfVFNfbOH7J7v6X52NvyAZ6AMnzGshEKSPbgncJAfLbMJToCO1eA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1657118538; bh=vB3qCX8yQm0HKxQvMUwEjT26DEzba3ZEI+h02m+nsyu=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=kNCcA2gq82bn0HKPGgWT7JdfFeOAdnpdtziEUC90f9Sl4bV52MhHh7Ja7mhtiIn+DBniXscp0GxCpjSU/pbVCF2J6yte9iSGE47MZ4xqbNNXpt75gONxpCPz24XcP8qEPE2tNICh1PpS8Vh/sSlKRnNAjHSEYc3NmHBEEwrpoCn3LeyGWQTWByPbuKk43CYdJKYJdOoE7bYTyt090xEhcojTxZdGO2Hsva+tF2J6SS0cpb/Hq3BRaF+mqOVEVd4GvI08DETNHKehN/ygEC6U6wsqLNhwOnbEg9/xfHnhjVdHyg9gDpPmPYoBcbJXvK6lXE7SfKffDCT6/xKYoD/ibg== X-YMail-OSG: _AsNn2sVM1kN77oi1IipeKJrQ8Rx4ZqaoWYFhfPjLv0KF1KlczQfnbayXLw2S0a ftBsZyWGRV2DaDHZbf4QovXahMBk4IKTLXgzXtRB1CQeQ7NRpo9OBuGZPZzcs1wIvPG6zXqA1qLz ONiRW0O3pRD8DCYDDKZ6yl0aOv0aoUYwI8cnPQs2TGcWOre2Ul3KcW1GsIZuf.VJsgNFVA9YGeMW 4avMNCsxeoKNqDSIxv_5HyAjhDl77XwAmtLXOc8SzfNQEKgBWa.OX9KfOofIrXEGew8hwH6w0G1R dTc3fcFZATFApy8WRBvf16V4juhgRgzS3XIBVKdsOv.GL6pBO7Km6XrH7SU4xdQ3oNnwjKuqXmTR afBVJNhPuqZJGuNDtBcyQqRtc9qTqr6zm6iJbwzumBFX1FwaeN5gVTNAqlMd979IspzzNgCF3MBT IQXczbM5rpgW8.HR4HuixNSuaaXLD65MEL4Orp0JPLbBAK7wR2gnj4soFRh29_aA3lPUydeaZcXE oB24E6tfl5U3Q_EXjKoSDi9lJhBzwTs9yWqROrs5dbPQ8WvJ4goo0PP_8.Ozky1sK_8yBxq9Qp6r XxM88DevB.oOFf4SD51J02vHBNeCJMV10eAEUclPO4cZWZZSHrQclN5j91VIRU8.Vxbf9yV0mwE2 2uzv0NmvLpO.bTV2kY6hxnslK2d8WAWUj5kNzJg5IjvY85h7iK1NXKjKF2g59HH.dWbl7.ZgfaDu Xkg8ykdKZUlk2_XtZSyzK6VGpmt_hdD3xxbmHdcsVDtvRyPysLKq8Zcl.DjRZJzk_UGd3COJOmKm Lyw1_WSXgNHhFbe8bl7tG9mwMbb0qEpnr2WVFuFmLxwVHkbIxvlUpKgzZxDbvttB2pgmsb9tBAZW vy7ksw2FQ5huRxRw.upRCsNTs2q6XW1PBZTXgJSH6.z0IpIpAASNsOaJjF84qV5eEVQQvSX9uw4m rC1B.mtFmyAhYf3S2taTr0fGMWIt4ddfUA7wuQgpJmqp5MCY53f._379mPHHPJ6z4z3wJRtINT4J piQCMcCr_GfjqgW04f5iOHcoeQO3Ldx9z4ps2YNfKybEyonYzoNfLeoHYwmGLH4ro88S5TZP046O RpBvy8O1rdlwDarX5Ptgfa6DMQYzYonceK4VyP9U8kU_A4hVlMYVeBx6N.p1JKMa6h.I8kMF1OLQ kKfD.KR5TRyITtMMwjp_j80sTy4RKp_x819dbufqKuOGNIbtJ30y2pYpkfBaTpxOwgsynZUqjcgw 5CjMnbWInou7InB72bGdFrjO572exwrV.3j8_J6zf4pFnYTerVBfPVXs7X_R4tRcYrfWjcKjr3IE i5xr8lJradSEYAH_SMo.J.pYCQ3bO9OZXEa9wUt2CHzKpZRSyp0UwgNCvWlvfWh9NzavlP0YMeau JEOScUb8fDtRnEDD5zNYlHgYQbjcob79V4gRt4fg0moiNElJpTF_Mc5FUyU28v3sbz3trVNMCQlo Z4.EhsqSMWVo0_LvZjftKiGwm1Mu9_J1Qus_3_TbpEmo6x1X0NrbfIYEFxKDh4SvmdFQAenbo4JP 1IcPAqMHxYIpq5aCjxy8oD5rsMPmY7D_tVtKkRtErCQ1mEbNL6o5o4NN.ZcH6FQDciCoDj..coky h9K_VB2ZGyXVpnrTcr33JLWga0H1BfNJ05eDpRecnqSICemeFJWW2Fi3j8KFaOsPgIis4CGn6hOp G00.uvXH4dDHATAxfZB1APJmD_BWFtbegivRv_uGkshvwKkMiUQt9GXNPPabQX8S365QTlDi0rE0 NhxMyJDxzW8.STP27ApNuJ7N2vTQhbYXvw8WVzDpmZS8pP6HyQV4v7vFrBj7wO.jNAm6DJQ7Wh56 K4YRcnqRYdv22CqrhZfQ6zIip5d_tegwHAFyvAjIBbQL9sx_QHjGWswNPKAYHipJbPCFVRggnBmi nYK5UMUDqL8QNxADJX3Psfh0Kz9nPDeIJEnY61b5AebCoLJP_5qiD6jsmEc3ino2qjTBcFc6huw6 YlZAVRKOf_I_f_ugQ05Nd.Z.i3NCvmld4XJomWFl2R91Bgii.534wfCtASXWBLFsKdt2wPkJC8.I vIRhVXknUxbuQIYyMOE3.8yiSh.o_SAzwt.0F.qQ.oB.3eoXuzMwwlfAw.MxjlnJ00_iMAIj3wgZ KMmw5mUuH1w1rlLrFZ1dtEnuO8.qSqSh307ymok_NxlEhjALUSLVGSAqcP.UgMD7SIz55Uuq1q8h JGKl2uwuGBtXp8fxkOVpGAtqqjA-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic315.consmr.mail.ne1.yahoo.com with HTTP; Wed, 6 Jul 2022 14:42:18 +0000 Received: by hermes--production-ne1-7864dcfd54-xmlhn (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 6572d82be767e7ec0bb73ff92bddbf7b; Wed, 06 Jul 2022 14:42:12 +0000 (UTC) From: Hendursaga To: rms@gnu.org, Ihor Radchenko Cc: tecosaur@gmail.com, vikasrawal@gmail.com, bzg@gnu.org, c.buhtz@posteo.jp, emacs-orgmode@gnu.org Subject: Re: Links to javascript-based websites from orgmode.org: Paypal and Github In-Reply-To: References: <0472f849f3ae42df68b0f031d61594d9@posteo.de> <877d9j3u91.fsf@localhost> <17c95e5a298c213c63b6f7ac9f05aac4@posteo.de> <87y21z2d2b.fsf@localhost> <871qzqg81c.fsf@gnu.org> <87r17q2n3i.fsf@localhost> <877d9ij990.fsf@gnu.org> <87iloyyd1y.fsf@localhost> <87r13kxh60.fsf@localhost> <87r13ao1p9.fsf@localhost> <87fsjhz7t0.fsf@gmail.com> <87tu7xm4ru.fsf@localhost> Date: Wed, 06 Jul 2022 10:42:09 -0400 Message-ID: <8735fenvzy.fsf@aol.com> MIME-Version: 1.0 Content-Type: text/plain X-Mailer: WebService/1.1.20381 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.aol Received-SPF: pass client-ip=66.163.190.146; envelope-from=hendursaga@aol.com; helo=sonic315-20.consmr.mail.ne1.yahoo.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: "Emacs-orgmode" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1657118570; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=uN0PvzQOvauUO57JyW66bmoO+5YZrgqj5IgUEKakqvc=; b=C6Vy5UA2Q5Ja7llKQVYMcLod+ros0SL5tZ+b2o1JkZ3iM8lkvVsP3t7foEdnFEPISlpUL4 9K/6IPg75yVUuwpdt9bkvuvTXi5PtTpf/b8BFibaO4uquJM2nUOKbB938w/TU9JfGA1Rti dox7Y7SbUa74R6hk0Q5p/t8/P/i+eh0seIK1AWDWxXusgADz9yARnH+RNDceE7XPNf+t4b WTmWUwRbBlGMBoBAI/Z5Yw3Scpq0lARF9iOvm/dkdCW+2J98gOCV93ejFKYNR8F8+hJRPI NZBhu3WDtSTaLjHK+yEHy+gMJDuOLMFZ/KADpH9ctDVaxMgdy8ij+WLps26eIw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1657118570; a=rsa-sha256; cv=none; b=RdvjhogrHr6m1g2LHW0U9xTQJxaqb9X2V9lQAp/H7IiS6b04tVqzQVruyRYz30ixObbTmC Bva8T/tQjk1era9RNQYlhaaXRm65f/aXXA5bNl80vUkXY/T+EurFWknLKsmK8ljG005FXe E1BvCUFL1zIndQE+aIU6b6cJ5Zmyyt75q9xc1nMAYEJKeuAgDg6xgS2+oHxdhNqlS5XrGO OxgRhfb8aOXfg8eUXoXMyghyyWnXRwMp/N6sr8rEthic93kZNfWM2w9CbF6NcK+Stm3vGe /Ct/wBUWrKtJY+x3DGvpgzBg9zquSe4nR0lhkgzV1YLW7ZFXzpvH9jzkTRYmzg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=aol.com header.s=a2048 header.b=hLoXuTBp; dmarc=pass (policy=reject) header.from=aol.com; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.95 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=aol.com header.s=a2048 header.b=hLoXuTBp; dmarc=pass (policy=reject) header.from=aol.com; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 0525A37D97 X-Spam-Score: -3.95 X-Migadu-Scanner: scn1.migadu.com X-TUID: 2XegEizerZIl Richard Stallman writes: > Wow! If that is what it might be, it would be great news. But we had > better verify it carefully, because it sounds too good to be true. > Would someone like to check the details thoroughly? I'm afraid it is, indeed, too good to be true. The README at https://github.com/stripe/stripe-js lists: "Note: To be PCI compliant, you must load Stripe.js directly from https://js.stripe.com. You cannot include it in a bundle or host it yourself. This package wraps the global Stripe function provided by the Stripe.js script as an ES module." Loading https://js.stripe.com/v3/ (the latest version) in a browser yields a minified blob of JS. At the very end, it has an error message, "It looks like Stripe.js was loaded more than one time. Please only load it once per page." Searching this string on Stripe's GitHub organization yields no matches (indeed, searching all of GitHub yields no matches). The best you could do is mitigate some of the risks, such as detailed in https://mtlynch.io/stripe-recording-its-customers/ but unfortunately that carries additional risks, such as "Stripe clients bear the cost of chargebacks against their application, so they should decide how much information to share with Stripe to reduce those chargebacks." -- Hendursaga