Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upMake our website's Javascript acceptable to LibreJS #3731
Comments
purcell
added
the
website
label
Apr 3, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
artlogic
Apr 5, 2016
After learning a bit more about LibreJS, I've sent a request to the mailing list in the hopes of whitelisting all the external Javascript. If that's successful, I'll submit a pull request adding the proper headers to melpa.js.
artlogic
commented
Apr 5, 2016
|
After learning a bit more about LibreJS, I've sent a request to the mailing list in the hopes of whitelisting all the external Javascript. If that's successful, I'll submit a pull request adding the proper headers to |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
purcell
Apr 6, 2016
Member
Thanks! There's probably still something to be done around putting copyright info in melpa.js.
|
Thanks! There's probably still something to be done around putting copyright info in |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
artlogic
Apr 6, 2016
Yup - I'll submit a pull request. I was just waiting to hear back from the LibreJS people.
artlogic
commented
Apr 6, 2016
|
Yup - I'll submit a pull request. I was just waiting to hear back from the LibreJS people. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
aplaice
Apr 7, 2016
Contributor
(Disclaimer: not affiliated with librejs, don't actually use it; think blacklisting of MELPA over such triviality would be stupid)
According to the most comprehensive guide, the easiest way to inform LibreJS that a given js file is FOSS, is using web labels, effectively creating an html file containing a table with the URLs of all the scripts you load (including scripts from other domains!), their licenses and links to their unminified forms.
LibreJS does, indeed recognise some js files as free based on their hash, but I'm not sure how scalable and easily-updatable this approach is. (Currently the list of pre-approved files is here.)
In the case of inline (embedded) javascript one needs to surround all the javascript used with // @license and // @license-end tags (or have a license section in the document header).
For MELPA, all the scripts needed for basic functionality are already free and the following changes should make the site work with LibreJS:
- change
melpa/html/index.html, adding:
<a href="/jslicense" data-jslicense="1">JavaScript license information</asomewhere (for example in the footer) and
2. create melpa/html/jslicense with (at least) the following table:
<table id="jslicense-labels1">
<thead>
<tr>
<th>Script</th>
<th>License</th>
<th>Source</th>
</tr>
</thead>
<tr>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/mithril/0.2.0/mithril.min.js">mithril.min.js</a></td>
<td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/mithril/0.2.0/mithril.js">mithril.js</a></td>
</tr>
<tr>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.8.4/moment.min.js">moment.min.js</a></td>
<td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.8.4/moment.js">moment.js</a></td>
</tr>
<tr>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/lodash.js/2.4.1/lodash.min.js">lodash.min.js</a></td>
<td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/lodash.js/2.4.1/lodash.js">lodash.js</a></td>
</tr>
<tr>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/Cookies.js/1.1.0/cookies.min.js">cookies.min.js</a></td>
<td><a href="http://www.jclark.com/xml/copying.txt">Unlicense</a></td>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/Cookies.js/1.1.0/cookies.js">cookies.js</a></td>
</tr>
<tr>
<td><a href="/js/melpa.js">melpa.js</a></td>
<td><a href="http://www.gnu.org/licenses/gpl-3.0.html">GNU-GPL-3.0-or-later</a></td>
<td><a href="/js/melpa.js">melpa.js</a></td>
</tr>
</table>(Here are the full files: index.html and jslicense — if you prefer I could send a pull request.)
I've tested this, so it should just work. However, that was on my system for which I had to change the paths (so that melpa "worked") and I might not have changed everything back correctly.
Obviously, this will not make LibreJS accept the twitter or google-analytics javascript, since these are not FOSS, but at least the core functionality will work.
|
(Disclaimer: not affiliated with librejs, don't actually use it; think blacklisting of MELPA over such triviality would be stupid) According to the most comprehensive guide, the easiest way to inform LibreJS that a given js file is FOSS, is using web labels, effectively creating an html file containing a table with the URLs of all the scripts you load (including scripts from other domains!), their licenses and links to their unminified forms. LibreJS does, indeed recognise some js files as free based on their hash, but I'm not sure how scalable and easily-updatable this approach is. (Currently the list of pre-approved files is here.) In the case of inline (embedded) javascript one needs to surround all the javascript used with For MELPA, all the scripts needed for basic functionality are already free and the following changes should make the site work with LibreJS:
<a href="/jslicense" data-jslicense="1">JavaScript license information</asomewhere (for example in the footer) and <table id="jslicense-labels1">
<thead>
<tr>
<th>Script</th>
<th>License</th>
<th>Source</th>
</tr>
</thead>
<tr>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/mithril/0.2.0/mithril.min.js">mithril.min.js</a></td>
<td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/mithril/0.2.0/mithril.js">mithril.js</a></td>
</tr>
<tr>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.8.4/moment.min.js">moment.min.js</a></td>
<td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.8.4/moment.js">moment.js</a></td>
</tr>
<tr>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/lodash.js/2.4.1/lodash.min.js">lodash.min.js</a></td>
<td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/lodash.js/2.4.1/lodash.js">lodash.js</a></td>
</tr>
<tr>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/Cookies.js/1.1.0/cookies.min.js">cookies.min.js</a></td>
<td><a href="http://www.jclark.com/xml/copying.txt">Unlicense</a></td>
<td><a href="//cdnjs.cloudflare.com/ajax/libs/Cookies.js/1.1.0/cookies.js">cookies.js</a></td>
</tr>
<tr>
<td><a href="/js/melpa.js">melpa.js</a></td>
<td><a href="http://www.gnu.org/licenses/gpl-3.0.html">GNU-GPL-3.0-or-later</a></td>
<td><a href="/js/melpa.js">melpa.js</a></td>
</tr>
</table>(Here are the full files: index.html and jslicense — if you prefer I could send a pull request.) I've tested this, so it should just work. However, that was on my system for which I had to change the paths (so that melpa "worked") and I might not have changed everything back correctly. Obviously, this will not make LibreJS accept the twitter or google-analytics javascript, since these are not FOSS, but at least the core functionality will work. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
artlogic
Apr 7, 2016
@aplaice That would certainly be the quickest way to get things going. I have yet to hear back from the LibreJS folks. You can see my request here: http://lists.gnu.org/archive/html/help-librejs/2016-04/msg00000.html
If you have the work done already, and if @purcell agrees, I'd be happy to test your code to verify it works on my system.
artlogic
commented
Apr 7, 2016
|
@aplaice That would certainly be the quickest way to get things going. I have yet to hear back from the LibreJS folks. You can see my request here: http://lists.gnu.org/archive/html/help-librejs/2016-04/msg00000.html If you have the work done already, and if @purcell agrees, I'd be happy to test your code to verify it works on my system. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
artlogic
Apr 7, 2016
@aplaice I've tested and commented in the pull request. Unfortunately it looks like we'll need to wait and see about the "unlicensed" piece of code.
artlogic
commented
Apr 7, 2016
|
@aplaice I've tested and commented in the pull request. Unfortunately it looks like we'll need to wait and see about the "unlicensed" piece of code. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
artlogic
Apr 18, 2016
@purcell I've emailed the LibreJS maintainer in an attempt to move things along.
Another developer and I have made a couple of requests about whitelisting libraries and licenses on both bug-librejs and help-librejs, but there has been no response. Here are the relevant posts:
http://lists.gnu.org/archive/html/help-librejs/2016-04/msg00000.html
http://lists.gnu.org/archive/html/bug-librejs/2016-04/msg00001.htmlI hope you don’t mind me emailing you directly, but we’re attempting to get LibreJS to recognize the MELPA repository website as free software: http://melpa.org/
Is there anything I can do to help make this happen?
artlogic
commented
Apr 18, 2016
|
@purcell I've emailed the LibreJS maintainer in an attempt to move things along.
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Great -- thanks so much for your help with this.
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
artlogic
Apr 19, 2016
@purcell - I got to thinking, since the hold-up here is Cookies.js, and it's barely used, how would you feel about stubbing out a mock object that would be used if window.Cookies is undefined?
window.Cookies = window.Cookies || {
get: function () { },
set: function () { },
expire: function () { }
};I'd be happy to submit a pull request if this would be acceptable.
artlogic
commented
Apr 19, 2016
|
@purcell - I got to thinking, since the hold-up here is Cookies.js, and it's barely used, how would you feel about stubbing out a mock object that would be used if window.Cookies is undefined? window.Cookies = window.Cookies || {
get: function () { },
set: function () { },
expire: function () { }
};I'd be happy to submit a pull request if this would be acceptable. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
purcell
Apr 19, 2016
Member
I'd rather not put too much effort into working around this just for a handful of users. We can consider our options when and if we get a response from the LibreJS folks.
|
I'd rather not put too much effort into working around this just for a handful of users. We can consider our options when and if we get a response from the LibreJS folks. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
artlogic
Apr 19, 2016
I just heard back from the LibreJS maintainer. He will be adding Unlicense. Additionally, the four libraries will be whitelisted at some point in the future. I don't believe there's any further work to be done on this issue other than testing once LibreJS is updated.
artlogic
commented
Apr 19, 2016
|
I just heard back from the LibreJS maintainer. He will be adding Unlicense. Additionally, the four libraries will be whitelisted at some point in the future. I don't believe there's any further work to be done on this issue other than testing once LibreJS is updated. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
aplaice
Apr 19, 2016
Contributor
@artlogic Thank very much for e-mailing the LibreJS maintainer directly, as it seems to have sped things up considerably (he finally replied both to your initial question and my later one).
@purcell Thank you for merging the patch!
|
@artlogic Thank very much for e-mailing the LibreJS maintainer directly, as it seems to have sped things up considerably (he finally replied both to your initial question and my later one). @purcell Thank you for merging the patch! |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Thanks so much for your help with this, folks! |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
tarsius
Mar 12, 2017
Member
So this has been taken care of. (Of course if someone actually installed librejs and reported the result, that would be nice.)
|
So this has been taken care of. (Of course if someone actually installed librejs and reported the result, that would be nice.) |
tarsius
closed this
Mar 12, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
purcell
Mar 13, 2017
Member
I recall trying it at some point, and I think it was fine. I'm sure someone will file a fresh issue if not.
|
I recall trying it at some point, and I think it was fine. I'm sure someone will file a fresh issue if not. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
To1ne
Mar 13, 2017
The site is fully functional with LibreJS enabled (6.0.13). But there is still a "Complain" tab because the Google Analytics code is non-free (although, I don't mind it being blocked).
To1ne
commented
Mar 13, 2017
|
The site is fully functional with LibreJS enabled (6.0.13). But there is still a "Complain" tab because the Google Analytics code is non-free (although, I don't mind it being blocked). |
purcell commentedApr 3, 2016
See #3728 and this reddit thread in relation to RMS's assertion that our website has "ethical problems".
In short, we would like to help the GNU LibreJS browser extension to correctly detect that all the Javascript we serve is open source software.
Quoting @artlogic in #3728: