[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Updated version of proposed LibreJS spec changes
From: |
Yuchen Pei |
Subject: |
Re: Updated version of proposed LibreJS spec changes |
Date: |
Sun, 23 Jul 2023 11:10:26 +1000 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) |
On Fri 2023-06-30 13:15:41 -0400, Ruben Rodriguez wrote:
> I wrote this a few years back, so it now needs a round of review to
> match the current standards and practice in license tagging. It is
> still a useful reference for the type of changes that need to be
> implemented in LibreJS, so it can correctly identify the licenses on
> many sites that already tag theirs scripts in ways LibreJS could
> understand.
>
The document mostly looks sensible to me. I haven't looked into JSDoc
or Source Maps specs etc.
At this moment I am reading it mainly to infer the context around the
IRC messages regarding adding spdx support.
Extending @license to support spdx-identifier like so:
@license [optional-url] spdx-identifier
sounds reasonable.
But if we want to be able to recognise script tagged with spdx in the
wild, librejs needs to support (common) usecase in the spdx specs,
like `// SPDX-License-Identifier: GPL-3.0-or-later` as mentioned in
<https://spdx.github.io/spdx-spec/v2.3/file-tags/>.
> Make @license-end optional. If not included, a @license tag will
> apply from that line to the end of the script, or to the next
> @license or @license-end tag. This would make LibreJS compatible
> with the JSDoc standard: https://jsdoc.app/ tags-license.html
As Ruben mentioned in the IRC chat, making @license-end optional can
create inconsistencies between librejs's understanding about the
licensing situation and the script author's intention, when scripts
are concatenated into a say bundle.js:
#+begin_src js
/* content of foo.js which is under gpl3+ */
// SPDX-License-Identifier: GPL-3.0-or-later
// code from foo.js
/* content of bar.js which is nonfree */
// code from bar.js
#+end_src
librejs will assume the code in bar.js is also under gpl3+, and let it
through, when it shouldn't. Does the spdx spec cover this issue?
Also a minor correction:
> Note that the actual implementation has always been restricted to a
> specific list of identifiers, and not any human readable name as the
> spec suggests.
Not really - the actual implementation only checks the magnet link,
and prints `Recognized license: "${licenseName}".` for the license
name of the magnet link.
So if you do
@license <magnet-link-for-gplv3> apache-2.0
It will print
Recognized license: "GPL-3.0"
Best,
Yuchen
--
PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
<https://ypei.org/assets/ypei-pubkey.txt>
- Re: Updated version of proposed LibreJS spec changes,
Yuchen Pei <=