On Thu, Jul 07, 2022 at 11:33:39PM -0400, Richard Stallman wrote:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> > "Note: To be PCI compliant, you must load Stripe.js directly from
> > https://js.stripe.com. You cannot include it in a bundle or host
> > it yourself. This package wraps the global Stripe function
> > provided by the Stripe.js script as an ES module."
>
> That is hard for me to understand, since I don't know what "PCI
> compliant" means (or who is expected to comply with "PCI" or why).

PCI probably refers to "Payment Card Industry" [1]: they set some
standards people processing payments better follow or else.

It's one of those cases where private industry gets to write things
which amount to law. Much worse than traditional law because there
is no democratic oversight to it.

Typically they tend (by accident or by design) to be hostile to free
software (the above is a good example of how that happens: they attach
some magic property to having "loaded Stripe.js from [some specific
URL]" thus hampering the copy, enhancement or distribution; you're
only allowed to study (unless they serve obfuscated JavaScript: I
don't feel like looking)).

> Also, what is a "ES module" and what are the implications of that?

That might be an "ECMAScript module" [2], given the context.

> I wonder if users could run the free version of that JS code
> while talking with Stripe.

It's kind of free. If you modify it you stop being compliant, thus
being allowed to use it.

Cheers

[1] https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
[2] https://flaviocopes.com/es-modules/

-- 
t