FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 10-26-2011, 05:08 PM
Raphael Hertzog
 
Default Minified files and source code requirement

Hi,

On Sun, 23 Oct 2011, Paul Wise wrote:
> One of the other problems with embedded JavaScript libraries is that
> often only the pre-compiled/obfuscated/minified version is
> distributed, which would be a violation of DFSG item 2.

I did not reply on this at first but since Jakub filed #646729 using
a similar reasoning, I would like to discuss this here.

I don't agree that minified files are a violation of DFSG #2. If the
library is under the GPL then it would be a problem because it's not the
preferred form of modification.

But with more liberal licenses, we should certainly accept that the
minified files are their own sources much like we accept any other blob of
data under a free license. For instance we know that almost none of the
firmwares are hand-crafted yet I think we have many firmware under
DFSG-free licenses (and we adequately pointed out that GPL firmwares were
not ok).

(Furthermore there are tools which can reindent such minified files, while
this doesn't restore variable names and the like, it really helps if one
wants to analyze this code.)

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Pre-order a copy of the Debian Administrator's Handbook and help
liberate it: http://debian-handbook.info/go/ulule-rh/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20111026170814.GA28720@rivendell.home.ouaza.com">h ttp://lists.debian.org/20111026170814.GA28720@rivendell.home.ouaza.com
 
Old 10-26-2011, 05:45 PM
Julien Cristau
 
Default Minified files and source code requirement

On Wed, Oct 26, 2011 at 19:08:14 +0200, Raphael Hertzog wrote:

> Hi,
>
> On Sun, 23 Oct 2011, Paul Wise wrote:
> > One of the other problems with embedded JavaScript libraries is that
> > often only the pre-compiled/obfuscated/minified version is
> > distributed, which would be a violation of DFSG item 2.
>
> I did not reply on this at first but since Jakub filed #646729 using
> a similar reasoning, I would like to discuss this here.
>
> I don't agree that minified files are a violation of DFSG #2. If the
> library is under the GPL then it would be a problem because it's not the
> preferred form of modification.
>
Just because it's not GPL doesn't mean DFSG can be ignored.

> But with more liberal licenses, we should certainly accept that the
> minified files are their own sources much like we accept any other blob of
> data under a free license. For instance we know that almost none of the

We... don't?

> firmwares are hand-crafted yet I think we have many firmware under
> DFSG-free licenses (and we adequately pointed out that GPL firmwares were
> not ok).

And we ship that non-GPL, sourceless firmware in non-free.

> (Furthermore there are tools which can reindent such minified files, while
> this doesn't restore variable names and the like, it really helps if one
> wants to analyze this code.)
>
Just like there's disassemblers for ELF. That doesn't make ELF files
source.

Cheers,
Julien


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20111026174508.GK3100@radis.liafa.jussieu.fr">http ://lists.debian.org/20111026174508.GK3100@radis.liafa.jussieu.fr
 
Old 10-26-2011, 07:00 PM
Raphael Hertzog
 
Default Minified files and source code requirement

On Wed, 26 Oct 2011, Julien Cristau wrote:
> On Wed, Oct 26, 2011 at 19:08:14 +0200, Raphael Hertzog wrote:
> > I don't agree that minified files are a violation of DFSG #2. If the
> > library is under the GPL then it would be a problem because it's not the
> > preferred form of modification.
>
> Just because it's not GPL doesn't mean DFSG can be ignored.

Well, minified or not, my point is that it's "code". And DFSG#2 refers to
source code not to "preferred form of modification".

> > But with more liberal licenses, we should certainly accept that the
> > minified files are their own sources much like we accept any other blob of
> > data under a free license. For instance we know that almost none of the
>
> We... don't?
>
> > firmwares are hand-crafted yet I think we have many firmware under
> > DFSG-free licenses (and we adequately pointed out that GPL firmwares were
> > not ok).
>
> And we ship that non-GPL, sourceless firmware in non-free.

I stand corrected on this specific example. I don't have any other example
to use where "source code" would be involved.

We have the case of PDF files without the original document used
to generate that PDF but it doesn't really count since DFSG#2 only
applies to "source code". Although it would be relevant for the "preferred
form of modification" in the case of the GPL.

I would be leaning to be less tolerant for minified files of external
libraries that have been modified, but in the case of external libraries
that are just copied/embedded unmodified, I don't really see the point of
it.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Pre-order a copy of the Debian Administrator's Handbook and help
liberate it: http://debian-handbook.info/go/ulule-rh/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20111026190026.GA29552@rivendell.home.ouaza.com">h ttp://lists.debian.org/20111026190026.GA29552@rivendell.home.ouaza.com
 
Old 10-26-2011, 07:48 PM
"Adam D. Barratt"
 
Default Minified files and source code requirement

On Wed, 2011-10-26 at 21:00 +0200, Raphael Hertzog wrote:
> On Wed, 26 Oct 2011, Julien Cristau wrote:
> > Just because it's not GPL doesn't mean DFSG can be ignored.
>
> Well, minified or not, my point is that it's "code". And DFSG#2 refers to
> source code not to "preferred form of modification".

It also doesn't define "source" (or "code", for that matter, hence
several attempts in the past to clarify the language).

My understanding has always been that, for want of a better definition
and in the absence of anything more formal, Debian has basically treated
the two terms as interchangeable. See #383465 for instance; the old nv
driver definitely wasn't GPLed. (Yes, it's not a great example, but it
also doesn't involve interminable threads on debian-legal).

> We have the case of PDF files without the original document used
> to generate that PDF but it doesn't really count since DFSG#2 only
> applies to "source code".

The FTP team certainly appear to be of the opinion that it's a serious
enough issue to make a package unacceptable for the archive - see the
penultimate entry in the "direct reject" table on
http://ftp-master.debian.org/REJECT-FAQ.html

Regards,

Adam


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1319658490.11486.7.camel@hathi.jungle.funky-badger.org">http://lists.debian.org/1319658490.11486.7.camel@hathi.jungle.funky-badger.org
 
Old 10-26-2011, 07:48 PM
Tollef Fog Heen
 
Default Minified files and source code requirement

]] Raphael Hertzog

Hi,

| On Wed, 26 Oct 2011, Julien Cristau wrote:
| > On Wed, Oct 26, 2011 at 19:08:14 +0200, Raphael Hertzog wrote:
| > > I don't agree that minified files are a violation of DFSG #2. If the
| > > library is under the GPL then it would be a problem because it's not the
| > > preferred form of modification.
| >
| > Just because it's not GPL doesn't mean DFSG can be ignored.
|
| Well, minified or not, my point is that it's "code". And DFSG#2 refers to
| source code not to "preferred form of modification".

Do you have a more useful definition of source code than preferred form
for modification?

Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87obx37cvc.fsf@qurzaw.varnish-software.com">http://lists.debian.org/87obx37cvc.fsf@qurzaw.varnish-software.com
 
Old 10-26-2011, 09:47 PM
Michael Gilbert
 
Default Minified files and source code requirement

On Wed, Oct 26, 2011 at 1:08 PM, Raphael Hertzog wrote:
> Hi,
>
> On Sun, 23 Oct 2011, Paul Wise wrote:
>> One of the other problems with embedded JavaScript libraries is that
>> often only the pre-compiled/obfuscated/minified version is
>> distributed, which would be a violation of DFSG item 2.
>
> I did not reply on this at first but since Jakub filed #646729 using
> a similar reasoning, I would like to discuss this here.
>
> I don't agree that minified files are a violation of DFSG #2. If the
> library is under the GPL then it would be a problem because it's not the
> preferred form of modification.

This isn't a problem if you use the system library (e.g. jquery.min.js
that exists in the jquery package thanks to yui-compressor). The real
solution to this problem (as already discussed) is to devise a
javascript versioning policy that causes breakages when APIs change,
so that any such change has to have a transition plan.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CANTw=MM64fqG9it-h7gM1B5QCg=Lq-CJ73Dm4mFh8eHw=AziOw@mail.gmail.com">http://lists.debian.org/CANTw=MM64fqG9it-h7gM1B5QCg=Lq-CJ73Dm4mFh8eHw=AziOw@mail.gmail.com
 
Old 10-27-2011, 01:03 AM
Charles Plessy
 
Default Minified files and source code requirement

Le Wed, Oct 26, 2011 at 07:08:14PM +0200, Raphael Hertzog a écrit :
>
> But with more liberal licenses, we should certainly accept that the
> minified files are their own sources much like we accept any other blob of
> data under a free license.

Hello Raphaël and everybody,

one of the problem with minified JavaScript libraries is that it is difficult
to know what they really do. Are they really what the upstream author thinks
they are, or was he tricked in cut-and-pasting a fake version containing a
spyware ?

On the other hand, if the minified file you would like to distribute matches
exactly a minified file that has been distributed by Debian in the past, then
indeed, why not running that version ? You are an experienced developer and I
trust you to understand, balance and negociate the costs and benefits on a
case-by-case basis.

For the compliance with DFSG – and this is the main message here – we could
reach it considering all the packages that are part of the same release, by
using the dpkg source format 3.0 (git), which would be an efficient way to
distribute past source versions and point at the preferred one at the same
time.

Have a nice day,

--
Charles Plessy
Tsurumi, Kanagawa, Japan


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20111027010312.GD30617@merveille.plessy.net">http://lists.debian.org/20111027010312.GD30617@merveille.plessy.net
 
Old 10-27-2011, 04:34 AM
Paul Wise
 
Default Minified files and source code requirement

On Thu, Oct 27, 2011 at 1:08 AM, Raphael Hertzog wrote:

> I don't agree that minified files are a violation of DFSG #2. If the
> library is under the GPL then it would be a problem because it's not the
> preferred form of modification.

I think this is exactly the same as xserver-xorg-video-nv, which
contained obfuscated C code instead of the actual source code. I
personally considered that a DFSG violation but I guess you would not?

> But with more liberal licenses, we should certainly accept that the
> minified files are their own sources much like we accept any other blob of
> data under a free license. For instance we know that almost none of the
> firmwares are hand-crafted yet I think we have many firmware under
> DFSG-free licenses (and we adequately pointed out that GPL firmwares were
> not ok).

What is the preferred form for modification for a work (aka source) is
highly context-dependent.

For example:

A TTF font file might be source or FontForge .sfd files might be the source.

A PNG image might be source or the SVG or XCF it was rendered from
might be the source.

A firmware blob might be written using a hex editor or it might be
built from assembly code or C compiler. There are cases of both in the
firmware-free package.

An ELF executable might be written using a hex editor (haven't seen
that yet) or compiled from assembly, C or other code.

Just accepting what we are given is not enough to actually know what
the source actually is (here I'm thinking of MegaGlest).

Further than that, some forms that are currently used as source might
be better converted to other forms. For example given a hand-crafted
binary firmware file, we should suggest that upstream convert that to
assembler and use that instead.

> (Furthermore there are tools which can reindent such minified files, while
> this doesn't restore variable names and the like, it really helps if one
> wants to analyze this code.)

Thats irrelevant, it will not restore the original source, just like
ELF or Java decompilers cannot.

--
bye,
pabs

http://wiki.debian.org/PaulWise


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAKTje6G0H0jxA5dD9YWqKTuQQMjTx4sPkjMxw3JiN=F=J_=QM w@mail.gmail.com">http://lists.debian.org/CAKTje6G0H0jxA5dD9YWqKTuQQMjTx4sPkjMxw3JiN=F=J_=QM w@mail.gmail.com
 
Old 10-27-2011, 05:33 AM
Russ Allbery
 
Default Minified files and source code requirement

Paul Wise <pabs@debian.org> writes:

> What is the preferred form for modification for a work (aka source) is
> highly context-dependent.

I'd like to poke a little bit at the assumption that these two things are
the same and that Debian necessarily uses the GPL term as our definition
of source.

To me, the source of something is *a* form suitable for modification of
the work. This is *not* necessarily the same thing as the GPL's "the
preferred form of the work for making modifications to it." I think
Debian's term means that the form has to be suitable for modification by a
reasonable "average person" who is technically skilled enough to be able
to modify the work. I think it's a bit of a leap that it necessarily
means that it has to be whatever form that the author of the work
personally prefers, and even more of a leap that it has to be the form
that the author of the work used originally.

For example, suppose I include an image in a piece of software that I
generated by taking a digital photograph of something in RAW, manipulating
it in Photoshop, and then exporting it as a JPEG. What's the source? In
the GPL sense, one can make an argument that the original RAW image is the
preferred form for modification, since if I had it available I'd probably
use it rather than the JPEG to make further changes. However, I think the
JPEG is perfectly reasonable source from the Debian perspective: there is
nothing about the JPEG that prevents people from making further
transformations and changes and creating a derivative work. It may not be
ideal, similar to how working with source without the revision history
from the original VCS repository isn't ideal, but it's certainly
*possible* and even reasonable.

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87k47r2e3x.fsf@windlord.stanford.edu">http://lists.debian.org/87k47r2e3x.fsf@windlord.stanford.edu
 
Old 10-27-2011, 05:50 AM
Paul Wise
 
Default Minified files and source code requirement

On Thu, Oct 27, 2011 at 1:33 PM, Russ Allbery <rra@debian.org> wrote:

> To me, the source of something is *a* form suitable for modification of
> the work. *This is *not* necessarily the same thing as the GPL's "the
> preferred form of the work for making modifications to it." *I think
> Debian's term means that the form has to be suitable for modification by a
> reasonable "average person" who is technically skilled enough to be able
> to modify the work. *I think it's a bit of a leap that it necessarily
> means that it has to be whatever form that the author of the work
> personally prefers, and even more of a leap that it has to be the form
> that the author of the work used originally.

I completely disagree with this because I thought free software was
about equality.

Free software licenses bring back the equality broken by copyright law.

These licenses are completely irrelevant if we do not have equality of
access to the source form of a work.

> For example, suppose I include an image in a piece of software that I
> generated by taking a digital photograph of something in RAW, manipulating
> it in Photoshop, and then exporting it as a JPEG. *What's the source? *In
> the GPL sense, one can make an argument that the original RAW image is the
> preferred form for modification, since if I had it available I'd probably
> use it rather than the JPEG to make further changes. *However, I think the
> JPEG is perfectly reasonable source from the Debian perspective: there is
> nothing about the JPEG that prevents people from making further
> transformations and changes and creating a derivative work. *It may not be
> ideal, similar to how working with source without the revision history
> from the original VCS repository isn't ideal, but it's certainly
> *possible* and even reasonable.

The ideal source for that is obviously RAW + manipulation instructions
+ JPEG export settings.

Given just a JPEG I would consult upstream to find out what the source is.

--
bye,
pabs

http://wiki.debian.org/PaulWise


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAKTje6G_3cpFhNv9tjLqaPofxf7vS=LR3BYSUsS=TTDkOY4_n g@mail.gmail.com">http://lists.debian.org/CAKTje6G_3cpFhNv9tjLqaPofxf7vS=LR3BYSUsS=TTDkOY4_n g@mail.gmail.com
 

Thread Tools




All times are GMT. The time now is 04:47 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org