New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please change jshint.js license, remove bad or evil #1234

Open
osallou opened this Issue Aug 14, 2013 · 80 comments

Comments

Projects
None yet
@osallou

osallou commented Aug 14, 2013

Hi,
could you please modify the jshint.js license to be a real MIT license?

The "The Software shall be used for Good, not Evil." prevents library to be packaged in Debian and maybe other repo where code should really be free of use (yes, even evil). And honestly, if someone wants to use it for evil... well I don't think he will care about the license :-)

Thanks

Olivier

@manix84

This comment has been minimized.

Show comment
Hide comment
@manix84

manix84 Aug 19, 2013

I don't know is this can ever happen, as the "bad or evil" licence is the original software licence for JSLint.

manix84 commented Aug 19, 2013

I don't know is this can ever happen, as the "bad or evil" licence is the original software licence for JSLint.

@hellais

This comment has been minimized.

Show comment
Hide comment
@hellais

hellais Aug 22, 2013

I also think this should happen as soon as possible as this is a major obstacle to shipping also other pieces of software.

Se as an example this very sad thread on the debian bug reporter: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673727.

hellais commented Aug 22, 2013

I also think this should happen as soon as possible as this is a major obstacle to shipping also other pieces of software.

Se as an example this very sad thread on the debian bug reporter: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673727.

@goatslacker

This comment has been minimized.

Show comment
Hide comment
@goatslacker

goatslacker Aug 22, 2013

Member

This isn't possible without removing all Crockford code from JSHINT. It can definitely happen though.

Member

goatslacker commented Aug 22, 2013

This isn't possible without removing all Crockford code from JSHINT. It can definitely happen though.

@valueof

This comment has been minimized.

Show comment
Hide comment
@valueof

valueof Aug 22, 2013

Member

I need input from someone who understands legal. (I don't)

Member

valueof commented Aug 22, 2013

I need input from someone who understands legal. (I don't)

@dcramer

This comment has been minimized.

Show comment
Hide comment
@dcramer

dcramer Aug 22, 2013

I'm pretty sure @goatslacker is correct. You could ask Crockford to change his license :)

dcramer commented Aug 22, 2013

I'm pretty sure @goatslacker is correct. You could ask Crockford to change his license :)

@hellais

This comment has been minimized.

Show comment
Hide comment
@hellais

hellais Aug 22, 2013

@goatslacker where can I find a reference to all the code written by Crockford part of this repository?

hellais commented Aug 22, 2013

@goatslacker where can I find a reference to all the code written by Crockford part of this repository?

@dcramer

This comment has been minimized.

Show comment
Hide comment
@dcramer

dcramer Aug 22, 2013

@hellais you can run a diff against the first commit to jshint (which would have been where the fork started), to the current HEAD

dcramer commented Aug 22, 2013

@hellais you can run a diff against the first commit to jshint (which would have been where the fork started), to the current HEAD

@hellais

This comment has been minimized.

Show comment
Hide comment
@hellais

hellais Aug 22, 2013

Git tells me this:

web/jshint - [master] » git log --author="Douglas Crockford" --oneline --shortstat
40e3f73 It
 1 file changed, 1 insertion(+), 1 deletion(-)
7c327bf Tolerate stupid blockless blocks.
 1 file changed, 21 insertions(+), 13 deletions(-)
8d1c4eb clarification
40e3f73 It
 1 file changed, 1 insertion(+), 1 deletion(-)
7c327bf Tolerate stupid blockless blocks.
 1 file changed, 21 insertions(+), 13 deletions(-)
8d1c4eb clarification
 1 file changed, 3 insertions(+), 3 deletions(-)
5675d2c http://tech.groups.yahoo.com/group/jslint_com/message/1730
 5 files changed, 2752 insertions(+), 2847 deletions(-)
73c2fe3 indent
 1 file changed, 4 insertions(+), 3 deletions(-)
d41c211 http://tech.groups.yahoo.com/group/jslint_com/
 1 file changed, 2 insertions(+)
d7896b2 step_in step_out
 1 file changed, 18 insertions(+), 5 deletions(-)
85c95ac for var
 1 file changed, 4 insertions(+), 5 deletions(-)
caa8885 use strict
 2 files changed, 5 insertions(+), 4 deletions(-)
1da55dd http://www.yuiblog.com/blog/2010/12/14/strict-mode-is-coming-to-town/
 2 files changed, 7 insertions(+), 8 deletions(-)
b6d8b25 use strict
 4 files changed, 25 insertions(+), 25 deletions(-)
dc4a013 JSON escape v
 1 file changed, 5 insertions(+), 2 deletions(-)
80a2252 JSON escape single quote
 1 file changed, 5 insertions(+), 1 deletion(-)
bdd3576 k
 4 files changed, 8 insertions(+), 6 deletions(-)
6735394 Cleanup.
 2 files changed, 159 insertions(+), 167 deletions(-)
00d8d1f option.predef
 1 file changed, 2 insertions(+), 2 deletions(-)
6af839a option.predef
 2 files changed, 91 insertions(+), 66 deletions(-)
c933206 Warn on new Array(NUMBER)
 1 file changed, 2 insertions(+), 17 deletions(-)
f73d206 Add fullinit_ui.js, an ADsafe widget
 3 files changed, 159 insertions(+), 5 deletions(-)
523956b Removing rhino.js and wsh.js. Other projects are providing better alternatives.
 4 files changed, 4 insertions(+), 67 deletions(-)
d98f753 dangerous comments
 1 file changed, 1 insertion(+), 1 deletion(-)
35ec4a5 groove
 5 files changed, 95 insertions(+), 203 deletions(-)
d4a0702 More css colors
 1 file changed, 99 insertions(+), 64 deletions(-)
eb939e7 Use charAt instead of [] in line 1786.
 2 files changed, 0 insertions(+), 0 deletions(-)
7800939 Add README
 1 file changed, 20 insertions(+)
ca120a7 first commit
 6 files changed, 7011 insertions(+)

Should not be that much...

hellais commented Aug 22, 2013

Git tells me this:

web/jshint - [master] » git log --author="Douglas Crockford" --oneline --shortstat
40e3f73 It
 1 file changed, 1 insertion(+), 1 deletion(-)
7c327bf Tolerate stupid blockless blocks.
 1 file changed, 21 insertions(+), 13 deletions(-)
8d1c4eb clarification
40e3f73 It
 1 file changed, 1 insertion(+), 1 deletion(-)
7c327bf Tolerate stupid blockless blocks.
 1 file changed, 21 insertions(+), 13 deletions(-)
8d1c4eb clarification
 1 file changed, 3 insertions(+), 3 deletions(-)
5675d2c http://tech.groups.yahoo.com/group/jslint_com/message/1730
 5 files changed, 2752 insertions(+), 2847 deletions(-)
73c2fe3 indent
 1 file changed, 4 insertions(+), 3 deletions(-)
d41c211 http://tech.groups.yahoo.com/group/jslint_com/
 1 file changed, 2 insertions(+)
d7896b2 step_in step_out
 1 file changed, 18 insertions(+), 5 deletions(-)
85c95ac for var
 1 file changed, 4 insertions(+), 5 deletions(-)
caa8885 use strict
 2 files changed, 5 insertions(+), 4 deletions(-)
1da55dd http://www.yuiblog.com/blog/2010/12/14/strict-mode-is-coming-to-town/
 2 files changed, 7 insertions(+), 8 deletions(-)
b6d8b25 use strict
 4 files changed, 25 insertions(+), 25 deletions(-)
dc4a013 JSON escape v
 1 file changed, 5 insertions(+), 2 deletions(-)
80a2252 JSON escape single quote
 1 file changed, 5 insertions(+), 1 deletion(-)
bdd3576 k
 4 files changed, 8 insertions(+), 6 deletions(-)
6735394 Cleanup.
 2 files changed, 159 insertions(+), 167 deletions(-)
00d8d1f option.predef
 1 file changed, 2 insertions(+), 2 deletions(-)
6af839a option.predef
 2 files changed, 91 insertions(+), 66 deletions(-)
c933206 Warn on new Array(NUMBER)
 1 file changed, 2 insertions(+), 17 deletions(-)
f73d206 Add fullinit_ui.js, an ADsafe widget
 3 files changed, 159 insertions(+), 5 deletions(-)
523956b Removing rhino.js and wsh.js. Other projects are providing better alternatives.
 4 files changed, 4 insertions(+), 67 deletions(-)
d98f753 dangerous comments
 1 file changed, 1 insertion(+), 1 deletion(-)
35ec4a5 groove
 5 files changed, 95 insertions(+), 203 deletions(-)
d4a0702 More css colors
 1 file changed, 99 insertions(+), 64 deletions(-)
eb939e7 Use charAt instead of [] in line 1786.
 2 files changed, 0 insertions(+), 0 deletions(-)
7800939 Add README
 1 file changed, 20 insertions(+)
ca120a7 first commit
 6 files changed, 7011 insertions(+)

Should not be that much...

@valueof

This comment has been minimized.

Show comment
Hide comment
@valueof

valueof Aug 22, 2013

Member

What @dcramer said. It won't be very useful, though, since I switched from spaces to tabs along the way. So you will need to do something like that:

  1. Checkout first JSHint commit. Convert it to tabs.
  2. Checkout latest JSHint commit.
  3. Diff (1) and (2) using a normal diff tool.

Lexer was rewritten completely, parser was changed substantially and, to be honest, I don't think @douglascrockford is going to sue me if I change the license. But, still, I don't want to be a douchebag. :-)

Member

valueof commented Aug 22, 2013

What @dcramer said. It won't be very useful, though, since I switched from spaces to tabs along the way. So you will need to do something like that:

  1. Checkout first JSHint commit. Convert it to tabs.
  2. Checkout latest JSHint commit.
  3. Diff (1) and (2) using a normal diff tool.

Lexer was rewritten completely, parser was changed substantially and, to be honest, I don't think @douglascrockford is going to sue me if I change the license. But, still, I don't want to be a douchebag. :-)

@hellais

This comment has been minimized.

Show comment
Hide comment
@hellais

hellais Aug 22, 2013

@antonkovalyov I think a regular diff will not work either because the code structure has drastically changed. I am looking into a possible way of determining which portions of the code are from the original author.

Exploring possibilities such as simian or checkstyle http://checkstyle.sourceforge.net/config_duplicates.html.

hellais commented Aug 22, 2013

@antonkovalyov I think a regular diff will not work either because the code structure has drastically changed. I am looking into a possible way of determining which portions of the code are from the original author.

Exploring possibilities such as simian or checkstyle http://checkstyle.sourceforge.net/config_duplicates.html.

@hellais

This comment has been minimized.

Show comment
Hide comment
@hellais

hellais Aug 22, 2013

After extracting all the JS code from this head: 40e3f73 (the last commit by git log --author="Douglas Crockford") and comparing that with all the js under the src/*.js root of the current master.

Running the two through the following similarity analyser:

Similarity Analyser 2.3.34 - http://www.harukizaemon.com/simian
Copyright (c) 2003-2013 Simon Harris.  All rights reserved.
Simian is not free unless used solely for non-commercial or evaluation purposes.

And extracting the lines of code that appear to be present in both 40e3f73 and current master it appears these are the only lines of code left in this repository that were written by Douglas Crockford:

----------------------
                lbp: p,
                value: s
            };
        }
        return x;
    }

    function delim(s) {
        return symbol(s, 0);
    }


----------------------
----------------------
        identifier: true,
        nud: function () {
            var v = this.value,
                s = scope[v],
                f;

            if (typeof s === "function") {

----------------------
----------------------
        member = {};
        membersOnly = null;
        implied = {};
        inblock = false;
        lookahead = [];
        warnings = 0;
        unuseds = [];

----------------------
----------------------
    confirm: false,
    console: false,
    Debug  : false,
    opera  : false,
    prompt : false
};


----------------------
----------------------
        }

        if (!a) {
            a = [line];
            implied[name] = a;
        } else if (a[a.length - 1] !== line) {
            a.push(line);
        }
    }

----------------------
----------------------
                char = this.peek(index);
                if (!isDecimalDigit(char)) {
                    break;
                }
                value += char;
                index += 1;
            }
        }

----------------------
----------------------
    }

    function warningAt(m, l, ch, a, b, c, d) {
        return warning(m, {
            line: l,
            from: ch
        }, a, b, c, d);
    }

    function error(m, t, a, b, c, d) {
        warning(m, t, a, b, c, d);
    }

----------------------
----------------------
        };
        return x;
    }

    function type(s, f) {
        var x = delim(s);
        x.type = s;
        x.nud = f;
        return x;
    }


----------------------
----------------------
                                    case '<':
                                        if (xmode === 'script') {
                                            c = s.charAt(l);
                                            if (c === '!' || c === '/') {
                                                warningAt(
"HTML confusion in regular expression '<{a}'.", line, from + l, c);
                                            }
                                        }

----------------------
----------------------
            Object              : false,
            parseInt            : false,
            parseFloat          : false,
            RangeError          : false,
            ReferenceError      : false,
            RegExp              : false,
            String              : false,
            SyntaxError         : false,

----------------------
----------------------
            Function            : false,
            hasOwnProperty      : false,
            isFinite            : false,
            isNaN               : false,
            JSON                : false,
            Math                : false,
            Number              : false,
            Object              : false,

----------------------
----------------------
    Boolean            : false,
    Date               : false,
    decodeURI          : false,
    decodeURIComponent : false,
    encodeURI          : false,
    encodeURIComponent : false,
    Error              : false,
    "eval"             : false,
    EvalError          : false,

----------------------
----------------------
            onbeforeunload  : true,
            onblur          : true,
            onerror         : true,
            onfocus         : true,
            onload          : true,
            onresize        : true,
            onunload        : true,
            open            : false,
            opener          : false,
            Option          : false,

----------------------
----------------------
        }
    }

    // We need a peek function. If it has an argument, it peeks that much farther
    // ahead. It is used to distinguish
    //     for ( var i in ...
    // from
    //     for ( var i = ...

    function peek(p) {
        var i = p || 0, j = 0, t;

        while (j <= i) {
            t = lookahead[j];
            if (!t) {
                t = lookahead[j] = lex.token();
            }
            j += 1;
        }
        return t;
    }

    // Produce the next token. It looks for programming errors.

    function advance(id, t) {
        switch (state.tokens.curr.id) {
        case "(number)":

----------------------
----------------------
            Option          : false,
            parent          : false,
            print           : false,
            removeEventListener: false,
            resizeBy        : false,
            resizeTo        : false,
            screen          : false,
            scroll          : false,
            scrollBy        : false,
            scrollTo        : false,
            setInterval     : false,
            setTimeout      : false,

----------------------
----------------------
            loadClass   : false,
            print       : false,
            quit        : false,
            readFile    : false,
            readUrl     : false,
            runCommand  : false,
            seal        : false,
            serialize   : false,
            spawn       : false,
            sync        : false,
            toint32     : false,
            version     : false
        },


----------------------
----------------------
                    name: n,
                    line: implied[n]
                });
            }
        }

        if (implieds.length > 0) {
            data.implieds = implieds;
        }

        if (urls.length > 0) {
            data.urls = urls;
        }

        globals = Object.keys(scope);
        if (globals.length > 0) {
            data.globals = globals;
        }

        for (i = 1; i < functions.length; i += 1) {
            f = functions[i];
            fu = {};

            for (j = 0; j < functionicity.length; j += 1) {
                fu[functionicity[j]] = [];
            }


----------------------

This is a quite trivial quantity.

I do not know what is the best way to proceed here. I think it may be the case to ask a professional lawyer for help.

hellais commented Aug 22, 2013

After extracting all the JS code from this head: 40e3f73 (the last commit by git log --author="Douglas Crockford") and comparing that with all the js under the src/*.js root of the current master.

Running the two through the following similarity analyser:

Similarity Analyser 2.3.34 - http://www.harukizaemon.com/simian
Copyright (c) 2003-2013 Simon Harris.  All rights reserved.
Simian is not free unless used solely for non-commercial or evaluation purposes.

And extracting the lines of code that appear to be present in both 40e3f73 and current master it appears these are the only lines of code left in this repository that were written by Douglas Crockford:

----------------------
                lbp: p,
                value: s
            };
        }
        return x;
    }

    function delim(s) {
        return symbol(s, 0);
    }


----------------------
----------------------
        identifier: true,
        nud: function () {
            var v = this.value,
                s = scope[v],
                f;

            if (typeof s === "function") {

----------------------
----------------------
        member = {};
        membersOnly = null;
        implied = {};
        inblock = false;
        lookahead = [];
        warnings = 0;
        unuseds = [];

----------------------
----------------------
    confirm: false,
    console: false,
    Debug  : false,
    opera  : false,
    prompt : false
};


----------------------
----------------------
        }

        if (!a) {
            a = [line];
            implied[name] = a;
        } else if (a[a.length - 1] !== line) {
            a.push(line);
        }
    }

----------------------
----------------------
                char = this.peek(index);
                if (!isDecimalDigit(char)) {
                    break;
                }
                value += char;
                index += 1;
            }
        }

----------------------
----------------------
    }

    function warningAt(m, l, ch, a, b, c, d) {
        return warning(m, {
            line: l,
            from: ch
        }, a, b, c, d);
    }

    function error(m, t, a, b, c, d) {
        warning(m, t, a, b, c, d);
    }

----------------------
----------------------
        };
        return x;
    }

    function type(s, f) {
        var x = delim(s);
        x.type = s;
        x.nud = f;
        return x;
    }


----------------------
----------------------
                                    case '<':
                                        if (xmode === 'script') {
                                            c = s.charAt(l);
                                            if (c === '!' || c === '/') {
                                                warningAt(
"HTML confusion in regular expression '<{a}'.", line, from + l, c);
                                            }
                                        }

----------------------
----------------------
            Object              : false,
            parseInt            : false,
            parseFloat          : false,
            RangeError          : false,
            ReferenceError      : false,
            RegExp              : false,
            String              : false,
            SyntaxError         : false,

----------------------
----------------------
            Function            : false,
            hasOwnProperty      : false,
            isFinite            : false,
            isNaN               : false,
            JSON                : false,
            Math                : false,
            Number              : false,
            Object              : false,

----------------------
----------------------
    Boolean            : false,
    Date               : false,
    decodeURI          : false,
    decodeURIComponent : false,
    encodeURI          : false,
    encodeURIComponent : false,
    Error              : false,
    "eval"             : false,
    EvalError          : false,

----------------------
----------------------
            onbeforeunload  : true,
            onblur          : true,
            onerror         : true,
            onfocus         : true,
            onload          : true,
            onresize        : true,
            onunload        : true,
            open            : false,
            opener          : false,
            Option          : false,

----------------------
----------------------
        }
    }

    // We need a peek function. If it has an argument, it peeks that much farther
    // ahead. It is used to distinguish
    //     for ( var i in ...
    // from
    //     for ( var i = ...

    function peek(p) {
        var i = p || 0, j = 0, t;

        while (j <= i) {
            t = lookahead[j];
            if (!t) {
                t = lookahead[j] = lex.token();
            }
            j += 1;
        }
        return t;
    }

    // Produce the next token. It looks for programming errors.

    function advance(id, t) {
        switch (state.tokens.curr.id) {
        case "(number)":

----------------------
----------------------
            Option          : false,
            parent          : false,
            print           : false,
            removeEventListener: false,
            resizeBy        : false,
            resizeTo        : false,
            screen          : false,
            scroll          : false,
            scrollBy        : false,
            scrollTo        : false,
            setInterval     : false,
            setTimeout      : false,

----------------------
----------------------
            loadClass   : false,
            print       : false,
            quit        : false,
            readFile    : false,
            readUrl     : false,
            runCommand  : false,
            seal        : false,
            serialize   : false,
            spawn       : false,
            sync        : false,
            toint32     : false,
            version     : false
        },


----------------------
----------------------
                    name: n,
                    line: implied[n]
                });
            }
        }

        if (implieds.length > 0) {
            data.implieds = implieds;
        }

        if (urls.length > 0) {
            data.urls = urls;
        }

        globals = Object.keys(scope);
        if (globals.length > 0) {
            data.globals = globals;
        }

        for (i = 1; i < functions.length; i += 1) {
            f = functions[i];
            fu = {};

            for (j = 0; j < functionicity.length; j += 1) {
                fu[functionicity[j]] = [];
            }


----------------------

This is a quite trivial quantity.

I do not know what is the best way to proceed here. I think it may be the case to ask a professional lawyer for help.

@hellais

This comment has been minimized.

Show comment
Hide comment
@hellais

hellais Aug 22, 2013

BTW those are 195 lines of code in a project that has over 9000 lines of code.

hellais commented Aug 22, 2013

BTW those are 195 lines of code in a project that has over 9000 lines of code.

@dcramer

This comment has been minimized.

Show comment
Hide comment
@dcramer

dcramer Aug 22, 2013

I may have no idea what's going on here, but I can't imagine that jshint rewrote 8800 lines of jslint

dcramer commented Aug 22, 2013

I may have no idea what's going on here, but I can't imagine that jshint rewrote 8800 lines of jslint

@hellais

This comment has been minimized.

Show comment
Hide comment
@hellais

hellais Aug 22, 2013

I re-ran simian with a threshold of 2 (this means blocks of fewer similar lines will also be displayed) and I got 708 duplicate lines.

@dcramer what would you suggest doing regarding refactoring out Crockford's code from jshint or getting the license changed?

hellais commented Aug 22, 2013

I re-ran simian with a threshold of 2 (this means blocks of fewer similar lines will also be displayed) and I got 708 duplicate lines.

@dcramer what would you suggest doing regarding refactoring out Crockford's code from jshint or getting the license changed?

@dstufft

This comment has been minimized.

Show comment
Hide comment
@dstufft

dstufft Aug 22, 2013

@hellais I'd suggest talking to a lawyer as I think anything else is likely to be pointing a gun squarely at some feet.

dstufft commented Aug 22, 2013

@hellais I'd suggest talking to a lawyer as I think anything else is likely to be pointing a gun squarely at some feet.

@goatslacker

This comment has been minimized.

Show comment
Hide comment
@goatslacker

goatslacker Aug 23, 2013

Member

The easy answer to this is that we would need to move away from the pratt parser to esprima.

Member

goatslacker commented Aug 23, 2013

The easy answer to this is that we would need to move away from the pratt parser to esprima.

@dancrumb

This comment has been minimized.

Show comment
Hide comment
@dancrumb

dancrumb Aug 23, 2013

You know, you could just have a conversation with Douglas and find out his
thoughts on the matter, instead of trying to remove all of his code.

It would be significantly easier and would introduce zero risk to the
codebase. Trying to refactor the code because of a silly little phrase in a
license seems a little excessive.
On Aug 22, 2013 7:01 PM, "Josh Perez" notifications@github.com wrote:

The easy answer to this is that we would need to move away from the pratt
parser to esprima.


Reply to this email directly or view it on GitHubhttps://github.com/jshint/jshint/issues/1234#issuecomment-23135309
.

dancrumb commented Aug 23, 2013

You know, you could just have a conversation with Douglas and find out his
thoughts on the matter, instead of trying to remove all of his code.

It would be significantly easier and would introduce zero risk to the
codebase. Trying to refactor the code because of a silly little phrase in a
license seems a little excessive.
On Aug 22, 2013 7:01 PM, "Josh Perez" notifications@github.com wrote:

The easy answer to this is that we would need to move away from the pratt
parser to esprima.


Reply to this email directly or view it on GitHubhttps://github.com/jshint/jshint/issues/1234#issuecomment-23135309
.

@dstufft

This comment has been minimized.

Show comment
Hide comment
@dstufft

dstufft Aug 23, 2013

I'm fairly sure that Douglas has been asked about it before and has refused to re-license it. Looking it up I've found him joking about how he gets letters from lawyers about a similar clause in the JSON license http://dev.hasenj.org/post/3272592502/ibm-and-its-minions. It appears also someone from Debian legal has emailed him to ask about it and his response was if you don't like the license don't use it: http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40718.html

It's jsut a "silly little phrase" to you, but that silly little phrase can be the determining factor if the software is usable or not. Licenses are legally binding documents and given that there's no legal definition of what is and isn't evil it practically means that it is impossible to know whether any particular use of the code is allowed under the license. Because you can't know if it's ok to use the code as licensed companies (and organizations like Debian) will simply opt not to use it.

dstufft commented Aug 23, 2013

I'm fairly sure that Douglas has been asked about it before and has refused to re-license it. Looking it up I've found him joking about how he gets letters from lawyers about a similar clause in the JSON license http://dev.hasenj.org/post/3272592502/ibm-and-its-minions. It appears also someone from Debian legal has emailed him to ask about it and his response was if you don't like the license don't use it: http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40718.html

It's jsut a "silly little phrase" to you, but that silly little phrase can be the determining factor if the software is usable or not. Licenses are legally binding documents and given that there's no legal definition of what is and isn't evil it practically means that it is impossible to know whether any particular use of the code is allowed under the license. Because you can't know if it's ok to use the code as licensed companies (and organizations like Debian) will simply opt not to use it.

@osallou

This comment has been minimized.

Show comment
Hide comment
@osallou

osallou Aug 23, 2013

This is unfortunately a common issue, and too bad, because I think that
people willing to do evil won't care about the license....

However, sometimes, author accept to change his mind, mainly if we explain
him it blocks many other software using his software.

Last request seems to be a few years ago, maybe that trying again and
again....

2013/8/23 Donald Stufft notifications@github.com

I'm fairly sure that Douglas has been asked about it before and has
refused to re-license it. Looking it up I've found him joking about how he
gets letters from lawyers about a similar clause in the JSON license
http://dev.hasenj.org/post/3272592502/ibm-and-its-minions. It appears
also someone from Debian legal has emailed him to ask about it and his
response was if you don't like the license don't use it:
http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40718.html

It's jsut a "silly little phrase" to you, but that silly little phrase can
be the determining factor if the software is usable or not. Licenses are
legally binding documents and given that there's no legal definition of
what is and isn't evil it practically means that it is impossible to know
whether any particular use of the code is allowed under the license.
Because you can't know if it's ok to use the code as licensed companies
(and organizations like Debian) will simply opt not to use it.


Reply to this email directly or view it on GitHubhttps://github.com/jshint/jshint/issues/1234#issuecomment-23143534
.

gpg key id: 4096R/326D8438 (keyring.debian.org)

Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438

osallou commented Aug 23, 2013

This is unfortunately a common issue, and too bad, because I think that
people willing to do evil won't care about the license....

However, sometimes, author accept to change his mind, mainly if we explain
him it blocks many other software using his software.

Last request seems to be a few years ago, maybe that trying again and
again....

2013/8/23 Donald Stufft notifications@github.com

I'm fairly sure that Douglas has been asked about it before and has
refused to re-license it. Looking it up I've found him joking about how he
gets letters from lawyers about a similar clause in the JSON license
http://dev.hasenj.org/post/3272592502/ibm-and-its-minions. It appears
also someone from Debian legal has emailed him to ask about it and his
response was if you don't like the license don't use it:
http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40718.html

It's jsut a "silly little phrase" to you, but that silly little phrase can
be the determining factor if the software is usable or not. Licenses are
legally binding documents and given that there's no legal definition of
what is and isn't evil it practically means that it is impossible to know
whether any particular use of the code is allowed under the license.
Because you can't know if it's ok to use the code as licensed companies
(and organizations like Debian) will simply opt not to use it.


Reply to this email directly or view it on GitHubhttps://github.com/jshint/jshint/issues/1234#issuecomment-23143534
.

gpg key id: 4096R/326D8438 (keyring.debian.org)

Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438

@asbjornenge

This comment has been minimized.

Show comment
Hide comment
@asbjornenge

asbjornenge Aug 23, 2013

Oh, the old Good / Evil... IANAL, but this makes sense to me -> http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40728.html

You can't argue about good / evil in any court if the terms ain't defined.

asbjornenge commented Aug 23, 2013

Oh, the old Good / Evil... IANAL, but this makes sense to me -> http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40728.html

You can't argue about good / evil in any court if the terms ain't defined.

@douglascrockford

This comment has been minimized.

Show comment
Hide comment
@asbjornenge

This comment has been minimized.

Show comment
Hide comment
@asbjornenge

asbjornenge Aug 23, 2013

@douglascrockford why not put that last bit in license instead; "...this software may not be used in the investigation, torture, and murder of patriots who dare to resist tyrants." <- from a shared http://good/considered_evil.txt
👍 form me!

asbjornenge commented Aug 23, 2013

@douglascrockford why not put that last bit in license instead; "...this software may not be used in the investigation, torture, and murder of patriots who dare to resist tyrants." <- from a shared http://good/considered_evil.txt
👍 form me!

@hellais

This comment has been minimized.

Show comment
Hide comment
@hellais

hellais Aug 23, 2013

@douglascrockford have you actually ever tried suing somebody that has used your software for evil?

I bet the NSA uses JSHINT for their javascript projects and I think they are doing quite an amount of evil. It seems like your license has not been very effective at stopping them from doing so though...

hellais commented Aug 23, 2013

@douglascrockford have you actually ever tried suing somebody that has used your software for evil?

I bet the NSA uses JSHINT for their javascript projects and I think they are doing quite an amount of evil. It seems like your license has not been very effective at stopping them from doing so though...

@valueof

This comment has been minimized.

Show comment
Hide comment
@valueof

valueof Aug 23, 2013

Member

The easy answer to this is that we would need to move away from the pratt parser to esprima.

At this point JSHint covers more JavaScript (stable parts of ES6, Mozilla-specific extensions) and is more fail tolerant than Esprima so the switch isn't going to happen in near future.

I bet the NSA uses JSHINT for their javascript projects

:-)

Member

valueof commented Aug 23, 2013

The easy answer to this is that we would need to move away from the pratt parser to esprima.

At this point JSHint covers more JavaScript (stable parts of ES6, Mozilla-specific extensions) and is more fail tolerant than Esprima so the switch isn't going to happen in near future.

I bet the NSA uses JSHINT for their javascript projects

:-)

@OscarGodson

This comment has been minimized.

Show comment
Hide comment
@OscarGodson

OscarGodson Aug 23, 2013

@hellais Did you read his link?

It is not effective at all, but it at least states my intention.

haha

OscarGodson commented Aug 23, 2013

@hellais Did you read his link?

It is not effective at all, but it at least states my intention.

haha

@valueof

This comment has been minimized.

Show comment
Hide comment
@valueof

valueof Aug 23, 2013

Member

Anyway, I sent an email to @douglascrockford asking for an explicit permission to remove that clause from JSHint. If he grants one, I'll remove it. If he doesn't, Debian people will have to install JSHint through NPM or do some other workaround.

To be honest, I'm getting tired of these not-true-open-source talks. Out of all things I need to do with JSHint this issue is probably the least important one.

Member

valueof commented Aug 23, 2013

Anyway, I sent an email to @douglascrockford asking for an explicit permission to remove that clause from JSHint. If he grants one, I'll remove it. If he doesn't, Debian people will have to install JSHint through NPM or do some other workaround.

To be honest, I'm getting tired of these not-true-open-source talks. Out of all things I need to do with JSHint this issue is probably the least important one.

@valueof valueof closed this Aug 23, 2013

@espadrine

This comment has been minimized.

Show comment
Hide comment
@espadrine

espadrine Aug 23, 2013

@OscarGodson The link seems purposefully inaccessible publicly. I get a Google+ error page ("This post could not be found"), which is its approximation for a 404.

espadrine commented Aug 23, 2013

@OscarGodson The link seems purposefully inaccessible publicly. I get a Google+ error page ("This post could not be found"), which is its approximation for a 404.

@valueof

This comment has been minimized.

Show comment
Hide comment
@valueof

valueof Aug 23, 2013

Member

Case closed, license shall remain the same:

Member

valueof commented Aug 23, 2013

Case closed, license shall remain the same:

@piotr1212

This comment has been minimized.

Show comment
Hide comment
@piotr1212

piotr1212 Jan 25, 2015

Thanks you for the update. I'll just wait paintently ;)
And yes, I am a package maintainer for Fedora/EPEL, There are many nodejs modules which depend on jshint and can't be packaged now...

piotr1212 commented Jan 25, 2015

Thanks you for the update. I'll just wait paintently ;)
And yes, I am a package maintainer for Fedora/EPEL, There are many nodejs modules which depend on jshint and can't be packaged now...

@paultag

This comment has been minimized.

Show comment
Hide comment
@paultag

paultag Jan 25, 2015

I'm with @piotr1212 - this has blocked some tools into Debian that I want to see. let's get this nonfree clause removed!

paultag commented Jan 25, 2015

I'm with @piotr1212 - this has blocked some tools into Debian that I want to see. let's get this nonfree clause removed!

@cburgmer

This comment has been minimized.

Show comment
Hide comment
@cburgmer

cburgmer Feb 23, 2015

Contributor

I would like to promote this issue and call on all contributors to not forget our government employees inside the NSA or GCHQ that maintain parts of the pervasive surveillance system written in JavaScript. Clean code for everybody!

Contributor

cburgmer commented Feb 23, 2015

I would like to promote this issue and call on all contributors to not forget our government employees inside the NSA or GCHQ that maintain parts of the pervasive surveillance system written in JavaScript. Clean code for everybody!

@paultag

This comment has been minimized.

Show comment
Hide comment
@paultag

paultag commented Feb 23, 2015

@foysavas

This comment has been minimized.

Show comment
Hide comment
@foysavas

foysavas Feb 23, 2015

Contributor

I've signed the CLA and encourage others to do the same.

As a curiosity, I once had and took the opportunity to ask Howard Zinn to define evil. He, however, snapped back at me, claiming that if I didn't know what evil was by my age, then, for sure, I never would. After years of reflection on that statement, Zinn, of course, was right – and to be errantly good has remained the best I can hope for.

Contributor

foysavas commented Feb 23, 2015

I've signed the CLA and encourage others to do the same.

As a curiosity, I once had and took the opportunity to ask Howard Zinn to define evil. He, however, snapped back at me, claiming that if I didn't know what evil was by my age, then, for sure, I never would. After years of reflection on that statement, Zinn, of course, was right – and to be errantly good has remained the best I can hope for.

@jamiebuilds

This comment has been minimized.

Show comment
Hide comment
@jamiebuilds

jamiebuilds Feb 23, 2015

Contributor

Is this license going to be updated as well? https://github.com/jshint/jshint/blob/master/src/jshint.js#L19

Contributor

jamiebuilds commented Feb 23, 2015

Is this license going to be updated as well? https://github.com/jshint/jshint/blob/master/src/jshint.js#L19

@jugglinmike

This comment has been minimized.

Show comment
Hide comment
@jugglinmike

jugglinmike Feb 23, 2015

Member

@thejameskyle That is the only license that needs changing. We'll be sure to update it as soon as we can

Member

jugglinmike commented Feb 23, 2015

@thejameskyle That is the only license that needs changing. We'll be sure to update it as soon as we can

@kreynen

This comment has been minimized.

Show comment
Hide comment
@kreynen

kreynen Jul 15, 2015

Just found an older copy of jshint.js that made its way into a Drupal project. I'm having trouble following this issue. Is the "Good, not Evil" clause being removed? The activity in webjars/webjars#1127 makes me think that clause will remain.

kreynen commented Jul 15, 2015

Just found an older copy of jshint.js that made its way into a Drupal project. I'm having trouble following this issue. Is the "Good, not Evil" clause being removed? The activity in webjars/webjars#1127 makes me think that clause will remain.

@jugglinmike

This comment has been minimized.

Show comment
Hide comment
@jugglinmike

jugglinmike Jul 15, 2015

Member

The best way to confirm that we're still working on this is to check my master-free branch -- I certainly wouldn't be keeping that in sync if I didn't intend to use it!

Member

jugglinmike commented Jul 15, 2015

The best way to confirm that we're still working on this is to check my master-free branch -- I certainly wouldn't be keeping that in sync if I didn't intend to use it!

@kreynen

This comment has been minimized.

Show comment
Hide comment
@kreynen

kreynen Jul 16, 2015

@jugglinmike I read that response the first time you posted it in response to @piotr1212 back in January, but I wasn't sue why someone would be working on getting the AND operator working properly in POM if you were merging this... so I asked. I was really hoping for > update and < snark.

As part of Drupal's Licensing Working Group, we deal with licensing issues for a community with thousands of projects and contributors. I understand how frustrating it can be to get these resolved... and how thankless.

SO THANK YOU! Unenforceable, non-standard licensing clauses like that are incredibly unproductive.

While I'm guilty of my share of responses like this, you should be aware of how off putting this is for someone who isn't familiar with your project.

Since there is nothing in the branch's README.md, description, an open PR with comments or in this issue indicating what still needs to be done, people are going to continue to periodically ask until this gets merged.

If you are going to use a boilerplate response to anyone who asks, I'd suggest some changes. "I didn't intend to use it!" is != "we didn't intend to merge it". It would be less off putting to say something like...

If https://github.com/jugglinmike/jshint/tree/master-free is being updated, we are actively working on resolving this. Limited resources prevent us from posting status updates as often we'd like, but this issue will remain open until the "Good, not Evil" clause is removed.

This file wasn't essential to the Drupal project so it was removed, but this issue is becoming a great case study in the ripple effect modifying a truly open and vetted license can have. Let me know if there is anything I can do to help get this resolved.

kreynen commented Jul 16, 2015

@jugglinmike I read that response the first time you posted it in response to @piotr1212 back in January, but I wasn't sue why someone would be working on getting the AND operator working properly in POM if you were merging this... so I asked. I was really hoping for > update and < snark.

As part of Drupal's Licensing Working Group, we deal with licensing issues for a community with thousands of projects and contributors. I understand how frustrating it can be to get these resolved... and how thankless.

SO THANK YOU! Unenforceable, non-standard licensing clauses like that are incredibly unproductive.

While I'm guilty of my share of responses like this, you should be aware of how off putting this is for someone who isn't familiar with your project.

Since there is nothing in the branch's README.md, description, an open PR with comments or in this issue indicating what still needs to be done, people are going to continue to periodically ask until this gets merged.

If you are going to use a boilerplate response to anyone who asks, I'd suggest some changes. "I didn't intend to use it!" is != "we didn't intend to merge it". It would be less off putting to say something like...

If https://github.com/jugglinmike/jshint/tree/master-free is being updated, we are actively working on resolving this. Limited resources prevent us from posting status updates as often we'd like, but this issue will remain open until the "Good, not Evil" clause is removed.

This file wasn't essential to the Drupal project so it was removed, but this issue is becoming a great case study in the ripple effect modifying a truly open and vetted license can have. Let me know if there is anything I can do to help get this resolved.

kreynen added a commit to kreynen/jshint that referenced this issue Jul 16, 2015

@jugglinmike

This comment has been minimized.

Show comment
Hide comment
@jugglinmike

jugglinmike Jul 16, 2015

Member

I did not intend to be passive aggressive. I interpreted, "I'm having trouble following this issue" as, "I missed your response among all the other discussion". I appreciate your suggestion for a more complete explanation, and I agree that it is an improvement. I'll follow up with a more visible comment dedicated to that message.

As for the issue you referenced: I think there's value for that project to be robust in its parsing of SPDX regardless of any specific project's current configuration. So it would make sense to resolve that issue generally... to me, anyway!

Member

jugglinmike commented Jul 16, 2015

I did not intend to be passive aggressive. I interpreted, "I'm having trouble following this issue" as, "I missed your response among all the other discussion". I appreciate your suggestion for a more complete explanation, and I agree that it is an improvement. I'll follow up with a more visible comment dedicated to that message.

As for the issue you referenced: I think there's value for that project to be robust in its parsing of SPDX regardless of any specific project's current configuration. So it would make sense to resolve that issue generally... to me, anyway!

@jugglinmike

This comment has been minimized.

Show comment
Hide comment
@jugglinmike

jugglinmike Jul 16, 2015

Member

Checking the Status of this Effort

If https://github.com/jugglinmike/jshint/tree/master-free is being updated, we are actively working on resolving this. Limited resources prevent us from posting status updates as often we'd like, but this issue will remain open until the "Good, not Evil" clause is removed.

Member

jugglinmike commented Jul 16, 2015

Checking the Status of this Effort

If https://github.com/jugglinmike/jshint/tree/master-free is being updated, we are actively working on resolving this. Limited resources prevent us from posting status updates as often we'd like, but this issue will remain open until the "Good, not Evil" clause is removed.

@pravi

This comment has been minimized.

Show comment
Hide comment
@pravi

pravi Oct 10, 2016

@jugglinmike its about 11 months since the last comment. I'd like to know the current status of this issue.

pravi commented Oct 10, 2016

@jugglinmike its about 11 months since the last comment. I'd like to know the current status of this issue.

@andreicristianpetcu

This comment has been minimized.

Show comment
Hide comment
@andreicristianpetcu

andreicristianpetcu Oct 29, 2016

Seriously? Another "Good, not Evil." license? What is the point of this? Please pick a real FSF approved or OSI approved license.

andreicristianpetcu commented Oct 29, 2016

Seriously? Another "Good, not Evil." license? What is the point of this? Please pick a real FSF approved or OSI approved license.

@flying-sheep

This comment has been minimized.

Show comment
Hide comment
@flying-sheep

flying-sheep Oct 30, 2016

@andreicristianpetcu: you're unnecessarily antagonistic because you're uninformed.

do you know what jshint was forked off? once you do, carefully read this thread, then please apologize for the previous comment.

flying-sheep commented Oct 30, 2016

@andreicristianpetcu: you're unnecessarily antagonistic because you're uninformed.

do you know what jshint was forked off? once you do, carefully read this thread, then please apologize for the previous comment.

@andreicristianpetcu

This comment has been minimized.

Show comment
Hide comment
@andreicristianpetcu

andreicristianpetcu Oct 30, 2016

@flying-sheep I read the thread. Sorry for the spam.

andreicristianpetcu commented Oct 30, 2016

@flying-sheep I read the thread. Sorry for the spam.

@eclipseo

This comment has been minimized.

Show comment
Hide comment
@eclipseo

eclipseo Sep 20, 2017

Any progress on this issue? It's preventing us from including it in Fedora.

eclipseo commented Sep 20, 2017

Any progress on this issue? It's preventing us from including it in Fedora.

@jugglinmike

This comment has been minimized.

Show comment
Hide comment
@jugglinmike

jugglinmike Sep 22, 2017

Member

Thanks for your interest, @eclipseo. I'd love for JSHint to be included in Fedora! Right now, we're trying to re-write a few targeted sections of the codebase. I cannot contribute directly due to my familiarity with the non-Free code. The same goes for many of our prior contributors, so I've been searching for new people with a passion for free software and a penchant for JavaScript. If you (or anyone else following along) know of anyone that fits the bill, please ask them to contact me (either on this thread or via my personal e-mail address).

Member

jugglinmike commented Sep 22, 2017

Thanks for your interest, @eclipseo. I'd love for JSHint to be included in Fedora! Right now, we're trying to re-write a few targeted sections of the codebase. I cannot contribute directly due to my familiarity with the non-Free code. The same goes for many of our prior contributors, so I've been searching for new people with a passion for free software and a penchant for JavaScript. If you (or anyone else following along) know of anyone that fits the bill, please ask them to contact me (either on this thread or via my personal e-mail address).

@andreicristianpetcu

This comment has been minimized.

Show comment
Hide comment
@andreicristianpetcu

andreicristianpetcu Sep 22, 2017

Well.... if it's written from scratch it does not matter who writes it. This is a copyright issue, not a patent issue.

andreicristianpetcu commented Sep 22, 2017

Well.... if it's written from scratch it does not matter who writes it. This is a copyright issue, not a patent issue.

@jugglinmike

This comment has been minimized.

Show comment
Hide comment
@jugglinmike

jugglinmike Sep 22, 2017

Member

We are not currently attempting to re-write from scratch. I tried to communicate this in my previous response with the phrase, "a few targeted sections of the codebase."

Member

jugglinmike commented Sep 22, 2017

We are not currently attempting to re-write from scratch. I tried to communicate this in my previous response with the phrase, "a few targeted sections of the codebase."

@bastien-roucaries

This comment has been minimized.

Show comment
Hide comment
@bastien-roucaries

bastien-roucaries Jun 11, 2018

What is the current status ?

bastien-roucaries commented Jun 11, 2018

What is the current status ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment