[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Updated version of proposed LibreJS spec changes
|
From: |
bill-auger |
|
Subject: |
Re: Updated version of proposed LibreJS spec changes |
|
Date: |
Mon, 24 Jul 2023 01:11:22 -0400 |
On Sun, 23 Jul 2023 23:44:19 +1000 Yuchen wrote:
> On Sun 2023-07-23 01:23:59 -0400, bill-auger wrote:
> > how would librejs know on which line
> > of the concatenation does foo.js end and bar.js begin?
>
> For mere concatenations, requiring a @license-end and rejecting any
> script with only @license but no @license-end fix such issues. This is
> the existing librejs behaviour btw.
that fixes the issue only if every javascript in the bundle declares licenses in
the librejs format, and every "bundler" program leaves those comments in tact,
or if the bundler program itself identifies the beginning of each input file in
the output file
it does open a path for libre-minded web devs to use the bundling programs - i
suppose that is the intention; but it does nothing for the remaining 99.9% of
the code bundles that librejs will encounter in practice
im mainly thinking of ways to make more of these code bundles to be
machine-parseable, despite any web devs' lack of diligence - the authors of the
"bundler" programs could do that quite easily, by adding those "begin_src
foo.js" and "end_src foo.js" separators - because they discard that
information, downstreams must treat the concatenation as a single derivative
work derived from multiple works of unknown authors and licenses, with any
ill-licensed parts tainting the whole
On Sun, 23 Jul 2023 23:44:19 +1000 Yuchen wrote:
> AFAIK mistaking a file under a copyleft license to be under a permissive
> license is only harmful when someone redistributes the code (e.g. turn
> it proprietary), but the usecase for librejs is to accept or block
> "first-hand" scripts before executing it, so this issue seems irrelevant
> to me.
the purpose of librejs is not to prevent harm - its purpose is to inform the
user whether or not the javascript offers all four freedoms, and to prevent
code from running which is lacking some of the four freedoms - the four
freedoms requires that everyone who receives a copy of the code is free to
re-distribute it - if permission to re-distribute is missing, the code is
non-free by definition, and so librejs should reject it - ie: the bundling
process turned it proprietary before the user got a copy
if the licensing is unclear for any parts of any file, librejs or the user would
need some way to determine precisely which LOCs each license applies to, so that
the ugly parts could be discarded (restoring the discarded freedom to whichever
parts can be rescued) - the same information would be necessary for a user with
no intention of re-distributing, to run the well-licensed parts while blocking
the ill-licensed parts, or for librejs to do that automatically