hydra.gnu.org needs to declare its javascript licenses for LibreJS

  • Done
Details
10 participants
  • Adonay Felipe Nogueira
  • Joshua Branson
  • christophe.jarry
  • Christophe Jarry
  • Thompson, David
  • Ludovic Courtès
  • Maxim Cournoyer
  • Mark H Weaver
  • Ricardo Wurmus
  • swedebugia
Owner
unassigned
Submitted by
christophe.jarry
Severity
normal
christophe.jarry wrote on 7 Oct 2013 09:43
hydra.gnu.org uses nontrivial and nonfree javascript
(address . bug-guix@gnu.org)
5415a2508dff305c041e20f08c20793e.squirrel@webmail.ouvaton.coop
Hello,

If I go to http://hydra.gnu.org/jobset/gnu/master with Firefox, addon
GNU LibreJS 5.4 [1] reports this:

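List of accepted JavaScript in
http://hydra.gnu.org/jobset/gnu/master

this script has been tagged as free software by LibreJS authors:
http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

List of blocked JavaScript in
http://hydra.gnu.org/jobset/gnu/master

NONTRIVIAL: eval has been found in code:
http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.1/jquery-ui.min.js

NONTRIVIAL: eval has been found in code:
http://hydra.gnu.org/static/bootstrap/js/bootstrap.min.js

This script is detected as nonfree, external, and as defining
functions or methods:
http://hydra.gnu.org/static/js/bootbox.min.js

This script is detected as nonfree, external, and as defining
functions or methods:
http://hydra.gnu.org/static/js/common.js

This script is detected as inline, nonfree, defining functions or
methods, and the rest of the page as loading external scripts:
$(function() { makeLazyTab("tabs-jobs",
"http://hydra.gnu.org/jobset/gnu/master/jobs-tab"); });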

Is it possible to use only free javascript for this page?


Christophe
Ludovic Courtès wrote on 7 Oct 2013 22:02
(address . christophe.jarry@ouvaton.org)(address . 15549@debbugs.gnu.org)
87zjqkvoht.fsf@gnu.org
Hi,

christophe.jarry@ouvaton.org writes:

> If I go to http://hydra.gnu.org/jobset/gnu/master with Firefox, addon
> GNU LibreJS 5.4 [1] reports this:

Thanks for the report!

> List of accepted JavaScript in
> http://hydra.gnu.org/jobset/gnu/master
>
> this script has been tagged as free software by LibreJS authors:
> http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
>
>
> List of blocked JavaScript in
> http://hydra.gnu.org/jobset/gnu/master
>
> NONTRIVIAL: eval has been found in code:
> http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.1/jquery-ui.min.js

So jquery itself is free, but since it’s using ‘eval’ it might be
evaluating third-party non-free code, is that right?

> NONTRIVIAL: eval has been found in code:
> http://hydra.gnu.org/static/bootstrap/js/bootstrap.min.js

Same here.

> This script is detected as nonfree, external, and as defining
> functions or methods:
> http://hydra.gnu.org/static/js/bootbox.min.js

That file points to http://bootboxjs.com/license.txt, which is the
MIT/X11 license.

So do I get it right that it’s just a matter of letting LibreJS know
about it?

> This script is detected as nonfree, external, and as defining
> functions or methods:
> http://hydra.gnu.org/static/js/common.js

That file is actually part of Hydra, which is GPLv3+:


> This script is detected as inline, nonfree, defining functions or
> methods, and the rest of the page as loading external scripts:
> $(function() { makeLazyTab("tabs-jobs",
> "http://hydra.gnu.org/jobset/gnu/master/jobs-tab"); });

> Is it possible to use only free javascript for this page?

AFAICS it’s actually the case. However, all this lacks the right tags
for LibreJS to recognize it.

Could you tell us what’s needed to make it work?

I can then submit a patch for Hydra itself. It would be neat if someone
else would submit the JQuery/Bootstrap parts, though.

Thanks,
Ludo’.
Christophe Jarry wrote on 28 Aug 2014 21:02
(address . ludo@gnu.org)(address . 15549@debbugs.gnu.org)
20140828210247.55eaf80a8a058bb0572dd188@cjarry.org
> AFAICS it's actually the case. However, all this lacks the right
> tags for LibreJS to recognize it.
>
> Could you tell us what's needed to make it work?

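You should be able to do it with the instructions on those pages:

http://www.gnu.org/software/librejs/free-your-javascript
https://www.gnu.org/licenses/javascript-labels
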
Christophe
Mark H Weaver wrote on 1 Jul 2015 22:17
(no subject)
(address . control@debbugs.gnu.org)
87oajvzl7r.fsf@netris.org
retitle 15549 hydra.gnu.org needs to declare its javascript licenses for LibreJS
thanks
Joshua Branson wrote on 16 Mar 2017 21:47
hydra.gnu.org needs to declare its javascript licenses for
(name . 15549@debbugs.gnu.org)(address . 15549@debbugs.gnu.org)
DM5PR10MB17383EFEF51A30901306453AA6260@DM5PR10MB1738.namprd10.prod.outlook.com
This is still an issue. There are a couple of eval issues and some inline code that raises flags for LibreJS.

Joshua
Ricardo Wurmus wrote on 9 Oct 2017 23:17
Re: bug#15549: hydra.gnu.org uses nontrivial and nonfree javascript
(name . Ludovic Courtès)(address . ludo@gnu.org)
87lgkkm35x.fsf@elephly.net
Ludovic Courtès <ludo@gnu.org> writes:

> AFAICS it’s actually the case. However, all this lacks the right tags
> for LibreJS to recognize it.
>
> Could you tell us what’s needed to make it work?
>
> I can then submit a patch for Hydra itself. It would be neat if someone
> else would submit the JQuery/Bootstrap parts, though.

Has our version of hydra diverged from upstream, or are we just using an
old version?

We need to add license comments to the JavaScript files and to
non-trivial embedded script blocks.

I would like to do this, but I don’t know where the code is that I
should edit, or if this should just be done on our single
soon-to-be-obsolete hydra.gnu.org instance.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Ludovic Courtès wrote on 10 Oct 2017 08:55
(name . Ricardo Wurmus)(address . rekado@elephly.net)
87po9vpk49.fsf@gnu.org
Ricardo Wurmus <rekado@elephly.net> writes:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> AFAICS it’s actually the case. However, all this lacks the right tags
>> for LibreJS to recognize it.
>>
>> Could you tell us what’s needed to make it work?
>>
>> I can then submit a patch for Hydra itself. It would be neat if someone
>> else would submit the JQuery/Bootstrap parts, though.
>
> Has our version of hydra diverged from upstream, or are we just using an
> old version?

We run an old and slightly modified version of Hydra. (Unfortunately,
we followed worst practices here, which means the changes are only on
hydra.gnu.org.)

> We need to add license comments to the JavaScript files and to
> non-trivial embedded script blocks.
>
> I would like to do this, but I don’t know where the code is that I
> should edit, or if this should just be done on our single
> soon-to-be-obsolete hydra.gnu.org instance.

It depends on the breadth of the changes. Where are the license tags
missing? Is it mostly in .js files, or in <script> tags?

Thanks,
Ludo’.
Ricardo Wurmus wrote on 19 Oct 2017 01:48
(name . Ludovic Courtès)(address . ludo@gnu.org)
87o9p42f2a.fsf@elephly.net
Ludovic Courtès <ludo@gnu.org> writes:

>> We need to add license comments to the JavaScript files and to
>> non-trivial embedded script blocks.
>>
>> I would like to do this, but I don’t know where the code is that I
>> should edit, or if this should just be done on our single
>> soon-to-be-obsolete hydra.gnu.org instance.
>
> It depends on the breadth of the changes. Where are the license tags
> missing? Is it mostly in .js files, or in <script> tags?

We don’t need to add anything to .js files if we can write a table
containing the relative paths to all scripts and their licenses.

Here is an example:

http://guix.mdc-berlin.de/javascript

A link to this table must be placed on all pages that load the scripts
(it would be enough to modify the page template). I’d begin by
collecting information for all scripts under /static/js and then
annotate all inline scripts with two-line license comments.

I don’t think I ever got access to hydra.gnu.org; I volunteer to make
the required changes (I’ve done this before for rcas.mdc-berlin.de and
guix.mdc-berlin.de).

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
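
The two changes described in the message above (a link to a license table in the page template, plus license comments around inline scripts), as an added example that is not part of the thread: a Node.js check run over a constructed page. The `rel="jslicense"` link and the `@license` / `@license-end` comments follow the GNU JavaScript Web Labels and LibreJS conventions; the magnet URI, the license name, the `/javascript` path on this site and the function `auditPage` are assumptions.

```javascript
// Added example, not from the thread. Pages are constructed; the magnet URI and
// license name are placeholders, and /javascript as the labels page is assumed.
const SCRIPTS = `<script src="/static/js/bootbox.min.js"></script>
<script src="/static/js/common.js"></script>`;
const CALL = `$(function() { makeLazyTab("tabs-jobs", "http://hydra.gnu.org/jobset/gnu/master/jobs-tab"); });`;

// Page as reported: no labels link, bare inline script.
const BEFORE = `<html><head>${SCRIPTS}
<script>${CALL}</script></head><body></body></html>`;

// Page after the change: inline script wrapped in license comments,
// template links to the labels table.
const AFTER = `<html><head>${SCRIPTS}
<script>
// @license magnet:?xt=urn:btih:PLACEHOLDER&dn=gpl-3.0.txt GPL-3.0-or-later
${CALL}
// @license-end
</script></head><body>
<a href="/javascript" rel="jslicense">JavaScript license information</a>
</body></html>`;

function auditPage(html) {
  // Web Labels link: an <a> with rel="jslicense" or data-jslicense="1".
  const hasLabelsLink =
    /<a\b[^>]*\b(rel=["']jslicense["']|data-jslicense=["']1["'])[^>]*>/i.test(html);
  const external = [];         // src values that must appear in the labels table
  const unlabelledInline = []; // first line of each inline script lacking comments
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const src = /\bsrc=["']([^"']+)["']/i.exec(m[1]);
    if (src) { external.push(src[1]); continue; }
    const body = m[2].trim();
    if (body === "") continue;
    // Opening comment must come first, closing comment must be the last line.
    const opens = /^(\/\/|\/\*)[ \t]*@license[ \t]+\S+[ \t]+\S+/.test(body);
    const closes = /(\/\/|\/\*)[ \t]*@license-end\b[^\n]*$/.test(body);
    if (!(opens && closes)) unlabelledInline.push(body.split("\n")[0]);
  }
  // External scripts are only covered when the page links to the table.
  const ok = unlabelledInline.length === 0 && (external.length === 0 || hasLabelsLink);
  return { hasLabelsLink, external, unlabelledInline, ok };
}

console.log(auditPage(BEFORE));
console.log(auditPage(AFTER));
```

The `external` list is what the license table has to enumerate; the check does not fetch or parse the table itself.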
Thompson, David wrote on 19 Oct 2017 17:15
(name . Christophe Jarry)(address . cjarry@cjarry.org)
CAJ=Rwfb7N25_iAyafXjN5_EVk1RSBR69vSEBev=yQCzUmXOj5w@mail.gmail.com
On Thu, Aug 28, 2014 at 3:02 PM, Christophe Jarry <cjarry@cjarry.org> wrote:
>> AFAICS it's actually the case. However, all this lacks the right
>> tags for LibreJS to recognize it.
>>
>> Could you tell us what's needed to make it work?
>
> You should be able to do it with the instructions on those pages:
>
> http://www.gnu.org/software/librejs/free-your-javascript
> https://www.gnu.org/licenses/javascript-labels

I'd just like to point out that hydra.gnu.org does *NOT* use non-free
javascript. I can assure you that everything is free software.
LibreJS just needs to be told so using a very specific metadata
format. I really do not like that LibreJS tells users that they are
running non-free code and encourages them to complain to site admins
about it when really LibreJS doesn't know anything. I wish LibreJS
would change the messaging but that seems unlikely.

Part of my old job at the FSF was making sure LibreJS didn't complain
about things on FSF-run sites. It took a lot of time to do and I
don't think it was ever worth the effort. I haven't used LibreJS in
years and probably never will again.

- Dave
Maxim Cournoyer wrote on 22 Oct 2017 23:54
(name . Ricardo Wurmus)(address . rekado@elephly.net)
87tvyq3l2b.fsf@gmail.com
Ricardo Wurmus <rekado@elephly.net> writes:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>>> We need to add license comments to the JavaScript files and to
>>> non-trivial embedded script blocks.
>>>
>>> I would like to do this, but I don’t know where the code is that I
>>> should edit, or if this should just be done on our single
>>> soon-to-be-obsolete hydra.gnu.org instance.
>>
>> It depends on the breadth of the changes. Where are the license tags
>> missing? Is it mostly in .js files, or in <script> tags?
>
> We don’t need to add anything to .js files if we can write a table
> containing the relative paths to all scripts and their licenses.
>
> Here is an example:
>
> http://guix.mdc-berlin.de/javascript
>
> A link to this table must be placed on all pages that load the scripts
> (it would be enough to modify the page template). I’d begin by
> collecting information for all scripts under /static/js and then
> annotate all inline scripts with two-line license comments.
>
> I don’t think I ever got access to hydra.gnu.org; I volunteer to make
> the required changes (I’ve done this before for rcas.mdc-berlin.de and
> guix.mdc-berlin.de).

I believe there are also LibreJS problems with our Guix packages page

Maxim
Ricardo Wurmus wrote on 23 Oct 2017 07:46
(name . Thompson, David)(address . dthompson2@worcester.edu)
87r2tutnzn.fsf@elephly.net
Hi Dave,

> I'd just like to point out that hydra.gnu.org does *NOT* use non-free
> javascript. I can assure you that everything is free software.
> LibreJS just needs to be told so using a very specific metadata
> format.

I think that the idea of machine readable license information is good.
Obviously, it is very early to rely on something like this, because it
is hardly used by anyone. By adding this information to websites we
maintain we can change that a little.

> I really do not like that LibreJS tells users that they are
> running non-free code and encourages them to complain to site admins
> about it when really LibreJS doesn't know anything.

Yes, “complain” is really not a nice default.

> Part of my old job at the FSF was making sure LibreJS didn't complain
> about things on FSF-run sites. It took a lot of time to do and I
> don't think it was ever worth the effort. I haven't used LibreJS in
> years and probably never will again.

With current versions of LibreJS I found it pretty easy to make the
changes to websites that are required to keep LibreJS from complaining.

The only gotcha was that the browser has to be restarted after changes
to license information.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Ludovic Courtès wrote on 23 Oct 2017 23:06
(name . Ricardo Wurmus)(address . rekado@elephly.net)
8760b5tw05.fsf@gnu.org
Hi,

Ricardo Wurmus <rekado@elephly.net> writes:

> I don’t think I ever got access to hydra.gnu.org; I volunteer to make
> the required changes (I’ve done this before for rcas.mdc-berlin.de and
> guix.mdc-berlin.de).

I’ve created the “rekado” account with your public key. However, you
need to ask sysadmins@fsf.org to white list one or more IPs you’ll be
connecting from. (I’ll email more info off-list.)

Let us know how it goes, and try to keep a patch of the changes you
make!

Thank you,
Ludo’.
Adonay Felipe Nogueira wrote on 10 Nov 2017 01:20
(address . bug-guix@gnu.org)
87bmkbvvav.fsf@hyperbola.info
Do you by chance know of some way I can contribute directly to the
development of hydra.gnu.org web site?

If there is at least a way to make a copy of the web pages, I can try
making a LibreJS-compliant version of them --- the only thing needed
would be some server to test them if they need a server-side language or
CGI/FastCGI application.

I noticed that the site seems to be based on NixOS's Hydra. If you want,
I can do customization based on NixOS's instead. Just say the word. ;)

"Thompson, David" <dthompson2@worcester.edu> writes:

> I'd just like to point out that hydra.gnu.org does *NOT* use non-free
> javascript. I can assure you that everything is free software.
> LibreJS just needs to be told so using a very specific metadata
> format. I really do not like that LibreJS tells users that they are
> running non-free code and encourages them to complain to site admins
> about it when really LibreJS doesn't know anything. I wish LibreJS
> would change the messaging but that seems unlikely.
>
> Part of my old job at the FSF was making sure LibreJS didn't complain
> about things on FSF-run sites. It took a lot of time to do and I
> don't think it was ever worth the effort. I haven't used LibreJS in
> years and probably never will again.
>
> - Dave

--
- Speaker and consultant on libre /software/ (not to be confused with
gratis).
- "WhatsApp"? It is not libre. Please see ways to communicate
instantly with me at the address below.
- Common files accepted (only without DRM): Corel Draw, Microsoft
Office, MP3, MP4, WMA, WMV.
- Common files accepted and sent: CSV, GNU Dia, GNU Emacs Org, GNU
GIMP, Inkscape SVG, JPG, LibreOffice (ODF standard), OGG, OPUS, PDF
(only without DRM), PNG, TXT, WEBM.
Ricardo Wurmus wrote on 10 Nov 2017 23:35
(name . Ludovic Courtès)(address . ludo@gnu.org)
871sl5vk1x.fsf@elephly.net
Hi Ludo,

Ludovic Courtès <ludo@gnu.org> writes:

> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> I don’t think I ever got access to hydra.gnu.org; I volunteer to make
>> the required changes (I’ve done this before for rcas.mdc-berlin.de and
>> guix.mdc-berlin.de).
>
> I’ve created the “rekado” account with your public key. However, you
> need to ask sysadmins@fsf.org to white list one or more IPs you’ll be
> connecting from. (I’ll email more info off-list.)

Thanks. I can now connect via fencepost.

> Let us know how it goes, and try to keep a patch of the changes you
> make!

I’ll try to make myself familiar with how things are set up and then
carefully make my changes (mostly additions) and record them as a patch.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
swedebugia wrote on 17 Dec 2018 11:36
hydra.gnu.org needs to declare its javascript licenses for LibreJS
(address . 15549@debbugs.gnu.org)
0c50f8dfb65ee08478ec0e1c73d6721b@riseup.net
Hi

I vote for closing this as "won't fix" now we are moving away and
concentrate on cuirass at ci.guixsd.info.

--
Cheers
Swedebugia
Ludovic Courtès wrote on 18 Dec 2018 12:23
(address . swedebugia@riseup.net)(address . 15549@debbugs.gnu.org)
87o99jgjto.fsf@gnu.org
swedebugia@riseup.net writes:

> Hi
>
> I vote for closing this as "won't fix" now we are moving away and
> concentrate on cuirass at ci.guixsd.info.

Indeed, done!
Ludovic Courtès wrote on 18 Dec 2018 12:23
control message for bug #15549
(address . control@debbugs.gnu.org)
87sgyvgjtx.fsf@gnu.org
tags 15549 wontfix
close 15549