Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.By minifying code and removing comments; one might argue that the GPL is not being followed to the letter of the law. By providing a comment in the minified JS pointing to the js source file this should solve most potential issues as a link to the unmodified source is now provided. Follow up from http://denver2012.drupal.org/content/front-end-performance-improvements
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | advagg-1493876-1-link-to-source-for-minified-js-code.patch | 697 bytes | mikeytown2 |
Comments
Comment #1
mikeytown2 CreditAttribution: mikeytown2 commentedThe following patch has now been committed.
Comment #2
mfer CreditAttribution: mfer commentedGlad you have this in. The next time I'm talking to companies that have this legal issue or the lawyers I deal with on this issue I'm going to ask about how acceptable a solution like this is.
Comment #4
mikeytown2 CreditAttribution: mikeytown2 commentedComment #5
mfer CreditAttribution: mfer commented@mikeytown2 how do you test that the solution you implemented actually does better compliance? From what has been shared with me it still has issues making it unusable for me for license issues.
Comment #6
mikeytown2 CreditAttribution: mikeytown2 commentedI consider minified/obfuscated JS to be "compiled" by programs like jsmin+ and thus I consider it in binary form. For this 4.1.4 Option 6(d) in GPLv3: Internet Distribution clarifies what was implied in GPLv2. Going under these assumptions, what I'm doing in AdvAgg means I'm under GPL compliance now.
A lot of this deals with opinions from what I can see. There is no legal precedence one way or another; only legal opinions. Linking to where one can get the full un-obfuscated source that also has licensing information is good and I would call it a step in the right direction http://stackoverflow.com/questions/1086445/obfuscation-and-gpl. http://programmers.stackexchange.com/questions/62885/must-source-code-re.... Minification is obfuscation IMHO.
When's the last time you modified a minified javascript file in a text editor? You go get the unminifed version if you wish to modify it. Developing with the minified JS is dumb. Expecting that people will grab the raw minified JS and not the original file when a link to it is directly above and below the code in question is a rare case.
Comment #7
mfer CreditAttribution: mfer commented@mikeytown2 I don't argue with internet distribution. This issue I'm asking about isn't in reference to providing the source. That's something I'm not asking about your compliance on.
Let me articulate it differently.
When you look at the 3-part BSD or MIT licenses there are notices about including them even when distributed in binary form. Many of the JavaScript files dumped into sites or included via modules (some not distributed on d.o because they aren't GPLv2) are MIT licensed. That means leaving the MIT license into in the JS file no matter the form. This is where I have trouble and it gets complicated.
So, Even if I accept your reasoning that these are binary... When I read something like the 3 clause BSD license I see an issue. Do you see what I mean?
Comment #8
mikeytown2 CreditAttribution: mikeytown2 commentedBSD: http://www.opensource.org/licenses/bsd-license.php
The source still maintains the copyright notice. A link to the code containing the copyright notice in "other materials" (source code) fulfills this from my understanding when distributing the minified (binary) version.
MIT: http://www.quora.com/Does-the-MIT-license-require-attribution-in-a-binar...
From what I can see by linking to the original source code that fulfills the issue if it's in binary form.
Comment #9
mfer CreditAttribution: mfer commentedThere is one big assumption here and that is that minified JavaScript is equivalent to binary in these contexts. Unfortunately, there is no standard for what minified is. It is not binary or a lower level byte code. Maybe in our concepts and our workflows but not in the technical sense of the things. It may be obfuscation but there is no standard on that. It's not intentionally made hard to reverse engineer. It's all about size and may scripts are downright easy to reverse engineer and work with. The point is different.
What is minified JavaScript is the question to solve from a legal standpoint?
Even on Stack Overflow there is no consistent answer. You shared your links and here is another... http://stackoverflow.com/a/3248962/11910. They are different answers to the same question from the ones you posted.
Do you have something other than SO opinions or your own on what minified JS is? This is a legal and license issue which is what makes it complicated. This is a world I've grown to live in starting even before my current position.
Comment #10
mikeytown2 CreditAttribution: mikeytown2 commentedThis is correct. It's never been to tested in court, and at best we have various opinions. This thread is my opinion on the subject.
If you run a script though something like packer or UglifyJS, you really want a program to undo that step if you're looking to edit the script. I would classify the undo step as a decompiler. If the javascript is simple you can do it by hand; but once you get into things that are large in scope you really want something like jsbeautifier, but even this can't bring you back to the original un-minified script. Information has been "lost" because of the minification process; the original would be very hard to get back. I relate the minification and unminification process to be very similar to compiling and decompiling. Finding a good decompiler is hard, just like finding a good unminify program is hard; none of them do it perfectly.
A minifier modifies a program so it is readable to the machine, it is not optimizing for human readability; a unminifier modifies that script so it is readable by a human and the fact that a machine can read it is nice but it's not it's main purpose. This process works just like a compiler & decompiler. I don't know anyone who downloads the minified version of a JS library, runs it through something like jsbeautifier and uses that on a production environment. It's always the other way around, take the original and run it through a minifier for use in a production environment.
Comment #11
Wim LeersThis is essentially a simple version of JavaScript License Web Labels, no? Also see #119441-149: Compress JS aggregation and #119441-160: Compress JS aggregation.
Maybe we can move this towards using that standard, so that it's not a one-off implementation?
Comment #12
mikeytown2 CreditAttribution: mikeytown2 commentedLooking at http://www.gnu.org/philosophy/javascript-trap.html#AppendixA I could use
// @source: http://code.jquery.com/jquery-1.8.2.jsto mark where one can download the original source. I could also look for @licstart and @licend, but even jquery doesn't follow this standard.I think everyone agrees that following licensing requirements is a good, it's just that pulling this information out isn't easy. Another thing to note is I didn't write any of the JS minification engines; I'm merely using the best of what I can find out there. This is an issue mainly with those packages and while we could hack around and fix it in AdvAgg, the best place for this to happen would be in projects like JSMin+ so other projects will benefit from it.
In reality almost no one is following the standards laid out on the JavaScript License Web Labels page. Even the Free Software Foundation doesn't follow it's own guidelines. This page http://www.fsf.org/associate/forum uses JS but it doesn't list a link to
/about/javascriptin the source. In-fact if you go to http://www.fsf.org/about/javascript you get a 404.Comment #13
mikeytown2 CreditAttribution: mikeytown2 commentednewer versions of js minification leave
/*!comments in place.