On Sun, 23 Jul 2023 23:44:19 +1000 Yuchen wrote: > On Sun 2023-07-23 01:23:59 -0400, bill-auger wrote: > > how would librejs know on which line > > of the concatenation does foo.js end and bar.js begin? > > For mere concatenations, requiring a @license-end and rejecting any > script with only @license but no @license-end fix such issues. This is > the existing librejs behaviour btw.
that fixes the issue only if every javascript in the bundle declares licenses in the librejs format, and every "bundler" program leaves those comments in tact, or if the bundler program itself identifies the beginning of each input file in the output file it does open a path for libre-minded web devs to use the bundling programs - i suppose that is the intention; but it does nothing for the remaining 99.9% of the code bundles that librejs will encounter in practice im mainly thinking of ways to make more of these code bundles to be machine-parseable, despite any web devs' lack of diligence - the authors of the "bundler" programs could do that quite easily, by adding those "begin_src foo.js" and "end_src foo.js" separators - because they discard that information, downstreams must treat the concatenation as a single derivative work derived from multiple works of unknown authors and licenses, with any ill-licensed parts tainting the whole On Sun, 23 Jul 2023 23:44:19 +1000 Yuchen wrote: > AFAIK mistaking a file under a copyleft license to be under a permissive > license is only harmful when someone redistributes the code (e.g. turn > it proprietary), but the usecase for librejs is to accept or block > "first-hand" scripts before executing it, so this issue seems irrelevant > to me. the purpose of librejs is not to prevent harm - its purpose is to inform the user whether or not the javascript offers all four freedoms, and to prevent code from running which is lacking some of the four freedoms - the four freedoms requires that everyone who receives a copy of the code is free to re-distribute it - if permission to re-distribute is missing, the code is non-free by definition, and so librejs should reject it - ie: the bundling process turned it proprietary before the user got a copy if the licensing is unclear for any parts of any file, librejs or the user would need some way to determine precisely which LOCs each license applies to, so that the ugly parts could be discarded (restoring the discarded freedom to whichever parts can be rescued) - the same information would be necessary for a user with no intention of re-distributing, to run the well-licensed parts while blocking the ill-licensed parts, or for librejs to do that automatically
