Re: Updated version of proposed LibreJS spec changes

bug-librejs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Updated version of proposed LibreJS spec changes

From:	Yuchen Pei
Subject:	Re: Updated version of proposed LibreJS spec changes
Date:	Sun, 23 Jul 2023 11:10:26 +1000
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)

On Fri 2023-06-30 13:15:41 -0400, Ruben Rodriguez wrote:

> I wrote this a few years back, so it now needs a round of review to
> match the current standards and practice in license tagging. It is
> still a useful reference for the type of changes that need to be
> implemented in LibreJS, so it can correctly identify the licenses on
> many sites that already tag theirs scripts in ways LibreJS could
> understand.
>

The document mostly looks sensible to me. I haven't looked into JSDoc
or Source Maps specs etc.

At this moment I am reading it mainly to infer the context around the
IRC messages regarding adding spdx support.

Extending @license to support spdx-identifier like so:

@license [optional-url] spdx-identifier

sounds reasonable.

But if we want to be able to recognise script tagged with spdx in the
wild, librejs needs to support (common) usecase in the spdx specs,
like `// SPDX-License-Identifier: GPL-3.0-or-later` as mentioned in
<https://spdx.github.io/spdx-spec/v2.3/file-tags/>.

> Make @license-end optional. If not included, a @license tag will
> apply from that line to the end of the script, or to the next
> @license or @license-end tag. This would make LibreJS compatible
> with the JSDoc standard: https://jsdoc.app/ tags-license.html

As Ruben mentioned in the IRC chat, making @license-end optional can
create inconsistencies between librejs's understanding about the
licensing situation and the script author's intention, when scripts
are concatenated into a say bundle.js:

#+begin_src js
/* content of foo.js which is under gpl3+ */
// SPDX-License-Identifier: GPL-3.0-or-later
// code from foo.js
/* content of bar.js which is nonfree */
// code from bar.js
#+end_src

librejs will assume the code in bar.js is also under gpl3+, and let it
through, when it shouldn't. Does the spdx spec cover this issue?

Also a minor correction:

> Note that the actual implementation has always been restricted to a
> specific list of identifiers, and not any human readable name as the
> spec suggests.

Not really - the actual implementation only checks the magnet link,
and prints `Recognized license: "${licenseName}".` for the license
name of the magnet link.

So if you do

@license <magnet-link-for-gplv3> apache-2.0

It will print

Recognized license: "GPL-3.0"

Best,
Yuchen

-- 
PGP Key: 47F9 D050 1E11 8879 9040  4941 2126 7E93 EF86 DFD0
          <https://ypei.org/assets/ypei-pubkey.txt>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Updated version of proposed LibreJS spec changes, Yuchen Pei <=
- Re: Updated version of proposed LibreJS spec changes, bill-auger, 2023/07/23
  - Re: Updated version of proposed LibreJS spec changes, Yuchen Pei, 2023/07/23
    - Re: Updated version of proposed LibreJS spec changes, bill-auger, 2023/07/24

Prev by Date: Re: Using debbugs as the librejs bug tracker?
Next by Date: Re: Updated version of proposed LibreJS spec changes
Previous by thread: Using debbugs as the librejs bug tracker?
Next by thread: Re: Updated version of proposed LibreJS spec changes
Index(es):
- Date
- Thread