On Fri 2023-06-30 13:15:41 -0400, Ruben Rodriguez wrote: > I wrote this a few years back, so it now needs a round of review to > match the current standards and practice in license tagging. It is > still a useful reference for the type of changes that need to be > implemented in LibreJS, so it can correctly identify the licenses on > many sites that already tag theirs scripts in ways LibreJS could > understand. >
The document mostly looks sensible to me. I haven't looked into JSDoc or Source Maps specs etc. At this moment I am reading it mainly to infer the context around the IRC messages regarding adding spdx support. Extending @license to support spdx-identifier like so: @license [optional-url] spdx-identifier sounds reasonable. But if we want to be able to recognise script tagged with spdx in the wild, librejs needs to support (common) usecase in the spdx specs, like `// SPDX-License-Identifier: GPL-3.0-or-later` as mentioned in <https://spdx.github.io/spdx-spec/v2.3/file-tags/>. > Make @license-end optional. If not included, a @license tag will > apply from that line to the end of the script, or to the next > @license or @license-end tag. This would make LibreJS compatible > with the JSDoc standard: https://jsdoc.app/ tags-license.html As Ruben mentioned in the IRC chat, making @license-end optional can create inconsistencies between librejs's understanding about the licensing situation and the script author's intention, when scripts are concatenated into a say bundle.js: #+begin_src js /* content of foo.js which is under gpl3+ */ // SPDX-License-Identifier: GPL-3.0-or-later // code from foo.js /* content of bar.js which is nonfree */ // code from bar.js #+end_src librejs will assume the code in bar.js is also under gpl3+, and let it through, when it shouldn't. Does the spdx spec cover this issue? Also a minor correction: > Note that the actual implementation has always been restricted to a > specific list of identifiers, and not any human readable name as the > spec suggests. Not really - the actual implementation only checks the magnet link, and prints `Recognized license: "${licenseName}".` for the license name of the magnet link. So if you do @license <magnet-link-for-gplv3> apache-2.0 It will print Recognized license: "GPL-3.0" Best, Yuchen -- PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0 <https://ypei.org/assets/ypei-pubkey.txt>
