Make JavaScript LibreJS compliant.

[doublah]

The GNU guide to this is here: https://www.gnu.org/software/librejs/free-your-javascript.html

It might not be a high priority issue, but it definitely is important for the free software enthusiasts :)

[ghost]

Can you be more specific about what you want?

Is there a specific dependency licensing issue?

Is this an issue about general process for license auditing?

Is this a request to republish already-available information in a new GNU-specific format?

[DeadSuperHero]

From the project page:

GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap. LibreJS is a free add-on for GNU IceCat and other Mozilla-based browsers. It blocks nonfree nontrivial JavaScript while allowing JavaScript that is free and/or trivial.

So, part of the purpose of LibreJS is that all of the code being executed in the browser is identified as being Free Software. What this boils down to is that each piece of javascript that gets loaded and executed by PeerTube should be verified as being released under a Free Software license.

This is largely an ideological decision, particularly as LibreJS is a GNU project.

[ghost]

I did read the LibreJS page, i’m just saying you’ll need to give us a specific action item for this to even be considered, we aren’t all as excited to slap Richard Stallman branding on our stuff.

[ghost]

For example, if you really want a Richard Stallman branded comment on each file that webpack spits out, how about a webpack plugin?

[doublah]

Can you be more specific about what you want?

Is there a specific dependency licensing issue?

Is this an issue about general process for license auditing?

Is this a request to republish already-available information in a new GNU-specific format?

Did you actually read the page about LibreJS? None of these questions would be necessary if you had.

I did read the LibreJS page, i’m just saying you’ll need to give us a specific action item for this to even be considered, we aren’t all as excited to slap Richard Stallman branding on our stuff.

It's not about "Richard Stallman branding", it's about a not too complicated change, which indicates to your users that you actually care about supporting Free/Libre Software. It's not an "ideological decision", as you've already made the ideological decision to be a Free/Libre Software project, this is just about indicating to the user's browser that decision.

This is a change that provides no difference in user experience for users without a LibreJS addon/browser, but it would actually make the site usable for users who do use said addon or browser.It makes your project seem a bit shallow when you are promoting yourself to be a Free/Libre Software alternative to proprietary services, but you won't allow people who believe in this ideology to easily use your service.

[ghost]

You haven't answered my questions about what specifically you want, or if there's a Webpack plugin. If you want to run only free/libre/gnu/rms/whatever software on your computer I'm afraid you won't have much of a computer, as the vast majority of computers in the world are useless without huge amounts of proprietary software and hardware you'll never see unless you look for it. If you'd like to be an ideological purist in this particular niche way, maybe at least point us at a Webpack module so it's easy for software maintainers to apply.

[ghost]

@scanlime Hi. I'll try to answer these questions, tho don't quote me on any of it. lol

Can you be more specific about what you want?

For pertube not to use proprietary JS, but instead to only use libre JS and to label it according to the LibreJS's page https://www.gnu.org/software/librejs/free-your-javascript.html

I did read the LibreJS page, i’m just saying you’ll need to give us a specific action item for this to even be considered

• Identifying all JavaScript that's being used
• Remove/substitute nonfree JavaScript (if existing)
• Add license information for the Free JavaScript that's being used

[ghost]

This program is open source, and all the packages it depends on are in the standard packages.json format, so I'm not sure what you're looking for here. If there are specific packages you'd like to see us replace, please open a bug for those. If there is another format you'd like to see package metadata presented in, please give us a tool to generate that format from what we currently use.

[ghost]

so I'm not sure what you're looking for here

It's also about an addon developed by GNU (called LibreJS) that blocks all nonfree or unlicensed JS. So for example by visiting https://framatube.org/, the addon issues:

blocked scripts in https://framatube.org/:

- https://framatube.org/# script 0
NONTRIVIAL: nontrivial token: 'document'

- https://framatube.org/client/en_US/runtime.b53340befd61dd0349d1.js
External script with no known license
                
- https://framatube.org/client/en_US/polyfills.ae2b03144501d6de04f8.js
External script with no known license
               
- https://framatube.org/client/en_US/main.5d6ceb8684e2878ff758.js
External script with no known license

Unfortunately I don't know enough to suggest a way of fixing these warnings, tho I suppose the solution lies in the step 3:
Step 3: Adding license information
of this page https://www.gnu.org/software/librejs/free-your-javascript.html

[ghost]

Seems like users of this add on would have exactly the same problem with every single app packaged by Webpack; why not write a webpack plugin you can take to project devs?

[TheophileBrezot]

I think for the last 3 warnings, you should just add the license info about these three script invocation:

<script type="text/javascript" src="/client/en_US/runtime.80e4abeb438b2d9eaf54.js"></script>
<script type="text/javascript" src="/client/en_US/polyfills.4544f9cd03d4e0b3a169.js"></script>
<script type="text/javascript" src="/client/en_US/main.b93fec5007f3aac56970.js"></script>

This should be done by adding a JavaScript Web Labels table (three lines for each script) in a special page and linking this page to each one invoking the scripts.

For the first warning - being non trivial token 'document'- i am not sure why it raises a warning.

[ghost]

Those script lines are all auto-generated by the Webpack build. As I've been saying, we almost certainly need a Webpack plugin to handle this cleanly. Please supply a plugin if you want this fixed. None of this is strange, Peertube is using one of the most common JS build systems in the world and you'll need to support Webpack if you expect apps to adopt LibreJS's requirements.

[rigelk]

@scanlime I looked up how others are doing it, and it's still a WIP. There is no established LibreJS webpack plugin. Actually I found a draft of one: https://forge.softwareheritage.org/differential/changeset/?ref=14204 part of https://forge.softwareheritage.org/D1151?id=3626

[rzr]

I got a complain for a famous librejs user ...
I confirm I faced a white page too
I was then suggested to use archive.org :\ so paradoxal.

[elevenpassin]

@scanlime But I incline to think of Peertube as Freesoftware. Given Framasoft's strong stance on free software movement.

[StaticallyTypedRice]

From the project page:

GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap. LibreJS is a free add-on for GNU IceCat and other Mozilla-based browsers. It blocks nonfree nontrivial JavaScript while allowing JavaScript that is free and/or trivial.

So, part of the purpose of LibreJS is that all of the code being executed in the browser is identified as being Free Software. What this boils down to is that each piece of javascript that gets loaded and executed by PeerTube should be verified as being released under a Free Software license.

This is largely an ideological decision, particularly as LibreJS is a GNU project.

Am I missing something? What's stopping Peertube from being LibreJS compliant right now? As far as I know all the JS is in this repository, which is AGPL. Does it need to be signed in some way that can't be done because it's auto generated at compile time?

[anedroid]

This is an example of page which works with GNU LibreJS: librespeed.org.

[TomatDividedBy0]

From the project page:

GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap. LibreJS is a free add-on for GNU IceCat and other Mozilla-based browsers. It blocks nonfree nontrivial JavaScript while allowing JavaScript that is free and/or trivial.

So, part of the purpose of LibreJS is that all of the code being executed in the browser is identified as being Free Software. What this boils down to is that each piece of javascript that gets loaded and executed by PeerTube should be verified as being released under a Free Software license.
This is largely an ideological decision, particularly as LibreJS is a GNU project.

Am I missing something? What's stopping Peertube from being LibreJS compliant right now? As far as I know all the JS is in this repository, which is AGPL. Does it need to be signed in some way that can't be done because it's auto generated at compile time?

I think what's being miscommunicated is that there's a FireFox extension for checking LibreJS compliance. This extension will automatically block any major scripts in a page which fail to identify the source code in a table as per convention. This is realistically the only way a web-extension can automatically detect if a site is using open-source JS.

As it currently stands, anyone using the extension has to disable/whitelist in order to make use of PeerTube, given that the individual scripts which the extension blocks happen are necessary for PeerTube to function properly. I might make a quick video sometime this week showcasing what is/isn't functional via screen-capture, but if you want you can install the extension yourself and test it on various PeerTube instances to see what does or doesn't work.

In theory, yes LibreJS is just a concept, but the extension is the most practical way to implement it currently, given that nobody in their right mind manually checks every single JS file every time they load a webpage.

[TechnologyClassroom]

If anyone wants to work on this issue, the first step would be to try the generate-weblabels-webpack-plugin from Software Heritage.