Flask app for signing signatures

[Demindiro]

On #general-2 it was mentioned there is a need for an easier way to add signatures à la change.org. I should be able to bang something out this weekend with Flask and Heroku.

Brain dump

Some of my thoughts on how to best approach this.

UI/UX

All that is needed is:

• A brief description of what is being signed.
• Two text boxes for the name and a link to social media / website / email ...
• Confirm button.

Storage

We could either:

• Somehow directly commit files to / create PRs on this repo.
• Store the signatures somewhere and export them periodically.

Heroku offers PostgreSQL which we can use for storage.

Reviewing / confirming signatures

This can be either done manually or via email. I don't know if forcing the use of email is desirable though.

Heroku supports sending emails from apps though I haven't looked much at the options.

[6r1d]

On #general-2 it was mentioned there is a need for an easier way to add signatures

For the context, I've discussed ideas about the letter design with Richard Stallman and Russel Brand. In short, they believe we could see a new wave of votes by simplifying the process.

à la change.org

Yes, it's good, but JS requirement is a topic that was raised. If everything will be handled by the backend, it might be better.

I should be able to bang something out this weekend with Flask and Heroku.

Thanks, I really appreciate your help there.

I don't know if forcing the use of email is desirable though.

Honestly, I'm surprised there's only so much spam with all the "mailto:" links. We need some way to confirm the person's identity. I'd say "recommend email for everyone who likes it", and ask for social links, GitHub links, etc. in a form.

Store the signatures somewhere and export them periodically

We can even mail batches of typical .yaml files, but for emails, we leave a comment in a related meta-issue. Guess a number of .yaml files can be linked to one e-mail. I'd like to know what others think.

---

Besides that, there's another tiny topic.

If we can update the design after with a bigger, easier to notice buttons, less people will ignore it. I'll attach an example screenshot and markup. I guess the small site with a form is the most important. (Mega)

[Demindiro]

I've made a very basic prototype here: https://github.com/Demindiro/rms-support-letter-signer

I'm also hosting it on one of my VPSes if you want to try it without cloning the repo: https://dev.salt-inc.org/rms-signer/en/

[nukeop]

Is there a point? It's already as easy as it can get (you only need to make a comment). The matter is solved, and almost no one is signing anymore, since it's already over.

[6r1d]

I've made a very basic prototype here: https://github.com/Demindiro/rms-support-letter-signer

Thanks! We'll have to validate users, but that's a good start.

---

The matter is solved

RMS back at the FSF matter certainly is solved, moreover, the support letter got more votes.

and almost no one is signing anymore

Yup, I pointed out we've got very little interest and signatures. Russell believes the support letter could be restarted, because:

• the whole thing will not only concern Richard, so people from every corner of the Internet should be aware
• app sounds easier to sign to a user not from GitHub or Codeberg, because it will not require users to register

My opinion there: it can go in two ways. First: nobody cares and the URL isn't shared. Second: a lot more people start caring and a lot more people get interested, gradually.

[CrazyPython]

social media

You could show have people post a link supporting the letter on their social media page. Then have them copy the post link, then scrape the social media post to check the post and verify it is correct, and add the signature. Not only do you verify they own the social media account, their followers also see it.

This would still require some manual verification – do they post on local politics, is their profile picture real, when was their account created.

For Twitter, there's https://github.com/twintproject/twint, which lets you scrape without an API key and without ratelimits.

For GitHub, you can have people star a repo to indicate signatures, and who have created at least one public repo or merged at least one pull request. This has the added benefit of helping the project show in GitHub trending.