Third party plugins and source - license information, updates, runtime initialization
Daniel Leidert
2014-02-15 12:16:43 UTC
Hi,

During packaging the latest bf release and updating the necessary
copyright information I found several issues with how third party
plugins are handled and handed to the user and would therefore like to
declare some requirements and suggestions:

- Add license information for third party plugins
Almost all third-party stuff (cssmin, jsbeautify, zencoding) misses
copyright and/or licensing information in the bf source package. This
can be legally problematic (not only to the bf authors but also to the
user base!). Probably something like adding COPYING.foo to the source
package is sufficient. I further suggest to add a section to the README
file to declare, where you got the copy from and that the license
information can be found in COPYING.foo. JFTR: all third-party stuff
seems to be licensed under an MIT license.

- Update plugins from time to time
At least jsmin, cssmin and jsbeautify have seen development since we
included a copy of them in Bluefish. The zen-coding plugin has been
renamed and moved (and seems to miss the python stuff now?!). Now
remember that you are responsible for every bug in these third-party
applications too (especially if we maybe ship a copy with a serious
security bug). IMO if we include third-party stuff, it should be
watched, updated and tested.

I consider the above requirements. Now the next one refers to the second
point and is also a packaging aspect:

- Don't install a copy of this third party stuff if a system wide
installed copy already exists
For Debian I found, that at least cssmin is now packaged and actively
maintained. It is newer than what bf ships and it might contain
bug-fixes our copy doesn't have. So I suggest to do two things: during
configuration check (and allow a manual override), if a python module
exists (python -c 'import cssmin') and depending on the result, (a)
don't install our copy and (b) call it from src/rcfile.c with a system
wide python import command. Maybe we can also do the check during
runtime. Other distributions might already have copies of zencoding,
jsmin (2.0.9) etc.

Regards, Daniel
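
The configure-time check proposed in the message above, sketched as an added example (not code from the thread or from Bluefish's build system). The `PYTHON` variable, the function names and the `auto`/`yes`/`no` override values are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: choose between the bundled copy of a Python plugin and a
# system-wide module at configure time. All names here are hypothetical.
PYTHON=${PYTHON:-python}

# have_system_module MODULE
# `python -c` puts the current directory first on sys.path, so the probe
# runs from / to avoid "finding" the bundled copy inside the source tree.
have_system_module() {
    ( cd / && $PYTHON -c "import $1" ) >/dev/null 2>&1
}

# plugin_source MODULE [OVERRIDE]
# OVERRIDE: auto (probe), yes (always ship our copy), no (never ship it).
# Prints "system" or "bundled"; returns 1 if the request cannot be met.
plugin_source() {
    # Only plain module names may reach the interpreter command line.
    case $1 in
        ''|*[!A-Za-z0-9_.]*) echo "error: bad module name" >&2; return 1 ;;
    esac
    case ${2:-auto} in
        yes) echo bundled ;;
        no)
            if have_system_module "$1"; then
                echo system
            else
                echo "error: $1 not installed system-wide" >&2
                return 1
            fi ;;
        auto)
            if have_system_module "$1"; then
                echo system
            else
                echo bundled
            fi ;;
        *) echo "error: bad override '$2'" >&2; return 1 ;;
    esac
}

# Report the decision for two of the plugins named in the thread.
for m in cssmin jsmin; do
    echo "$m: $(plugin_source "$m" auto)"
done
```

A result of `system` means the install step skips the bundled file and the caller imports the distribution's module, so fixes shipped by the distribution reach users without a new Bluefish release.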
Olivier Sessink
2014-02-15 13:31:44 UTC
On 02/15/2014 01:16 PM, Daniel Leidert wrote:
> Hi,
>
> During packaging the latest bf release and updating the necessary
> copyright information I found several issues with how third party
> plugins are handled and handed to the user and would therefore like to
> declare some requirements and suggestions:
>
> - Add license information for third party plugins
> Almost all third-party stuff (cssmin, jsbeautify, zencoding) misses
> copyright and/or licensing information in the bf source package. This
> can be legally problematic (not only to the bf authors but also to the
> user base!). Probably something like adding COPYING.foo to the source
> package is sufficient. I further suggest to add a section to the README
> file to declare, where you got the copy from and that the license
> information can be found in COPYING.foo. JFTR: all third-party stuff
> seems to be licensed under an MIT license.

as in COPYRIGHT.jsmin ?


>
> - Update plugins from time to time
> At least jsmin, cssmin and jsbeautify have seen development since we
> included a copy of them in Bluefish. The zen-coding plugin has been
> renamed and moved (and seems to miss the python stuff now?!). Now
> remember that you are responsible for every bug in these third-party
> applications too (especially if we maybe ship a copy with a serious
> security bug). IMO if we include third-party stuff, it should be
> watched, updated and tested.

true

>
> I consider the above requirements. Now the next one refers to the second
> point and is also a packaging aspect:
>
> - Don't install a copy of this third party stuff if a system wide
> installed copy already exists
> For Debian I found, that at least cssmin is now packaged and actively
> maintained. It is newer than what bf ships and it might contain
> bug-fixes our copy doesn't have. So I suggest to do two things: during
> configuration check (and allow a manual override), if a python module
> exists (python -c 'import cssmin') and depending on the result, (a)
> don't install our copy and (b) call it from src/rcfile.c with a system
> wide python import command. Maybe we can also do the check during
> runtime. Other distributions might already have copies of zencoding,
> jsmin (2.0.9) etc.

yes, if they are available we don't have to include them. suggestions
for makefile improvements are welcome, I can do the required changes in
rcfile.c

Olivier


--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/
Daniel Leidert
2014-02-15 14:11:44 UTC
On Saturday, 15.02.2014 at 14:31 +0100, Olivier Sessink wrote:
> On 02/15/2014 01:16 PM, Daniel Leidert wrote:

[..]
> > - Add license information for third party plugins
> > Almost all third-party stuff (cssmin, jsbeautify, zencoding) misses
> > copyright and/or licensing information in the bf source package. This
> > can be legally problematic (not only to the bf authors but also to the
> > user base!). Probably something like adding COPYING.foo to the source
> > package is sufficient. I further suggest to add a section to the README
> > file to declare, where you got the copy from and that the license
> > information can be found in COPYING.foo. JFTR: all third-party stuff
> > seems to be licensed under an MIT license.
>
> as in COPYRIGHT.jsmin ?

I don't understand. There is no such file - neither in subversion nor in
the source tarball. (Do you have it locally and missed to submit it :)?)
But the naming would be ok. I could imagine the contents as follows:

> The bluefish source contains the file(s)/a copy of the
> file(s) ...files... received from ...URL/project... under the
> following copyright and license:
>
> Copyright (C) ...
>
> License:
> ... license text ...

Regards, Daniel
Olivier Sessink
2014-02-16 17:33:28 UTC
On 02/15/2014 03:11 PM, Daniel Leidert wrote:

>> The bluefish source contains the file(s)/a copy of the
>> file(s) ...files... received from ...URL/project... under the
>> following copyright and license:
>>
>> Copyright (C) ...
>>
>> License:
>> ... license text ...

can't we add all this information to the COPYRIGHT file?

I imagine that would be completely correct as well.

Olivier

--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/
Jim Hayward
2014-02-16 23:22:49 UTC
On Sun, 2014-02-16 at 18:33 +0100, Olivier Sessink wrote:
> On 02/15/2014 03:11 PM, Daniel Leidert wrote:
>
> >> The bluefish source contains the file(s)/a copy of the
> >> file(s) ...files... received from ...URL/project... under the
> >> following copyright and license:
> >>
> >> Copyright (C) ...
> >>
> >> License:
> >> ... license text ...
>
> can't we add all this information to the COPYRIGHT file?
>
> I imagine that would be completely correct as well.

The MIT license header is in jsmin.py. The source for cssmin does not
include a license at all.


Regards,
Jim H
Daniel Leidert
2014-02-17 07:57:13 UTC
Jim Hayward wrote:
>On Sun, 2014-02-16 at 18:33 +0100, Olivier Sessink wrote:
>> On 02/15/2014 03:11 PM, Daniel Leidert wrote:
>>
>> >> The bluefish source contains the file(s)/a copy of the
>> >> file(s) ...files... received from ...URL/project... under the
>> >> following copyright and license:
>> >>
>> >> Copyright (C) ...
>> >>
>> >> License:
>> >> ... license text ...
>>
>> can't we add all this information to the COPYRIGHT file?
>>
>> I imagine that would be completely correct as well.
>
>The MIT license header is in jsmin.py. The source for cssmin does not
>include a license at all.

It is MIT licensed too:
https://github.com/zacharyvoase/cssmin/blob/master/LICENSE

See [1] for what I've found so far. All plugins except the
lorem-ipsum-generator are MIT licensed and the latter is
under a BSD 3-clause license.

[1] http://sourceforge.net/p/bluefish/code/HEAD/tree/packages/debian/bluefish/trunk/debian/copyright

Regards, Daniel
Jim Hayward
2014-02-15 14:29:55 UTC
On Sat, 2014-02-15 at 13:16 +0100, Daniel Leidert wrote:
>
> - Update plugins from time to time
> At least jsmin, cssmin and jsbeautify have seen development since we
> included a copy of them in Bluefish. The zen-coding plugin has been
> renamed and moved (and seems to miss the python stuff now?!). Now
> remember that you are responsible for every bug in these third-party
> applications too (especially if we maybe ship a copy with a serious
> security bug). IMO if we include third-party stuff, it should be
> watched, updated and tested.

Updated jsmin to 2.0.9. I knew 2.0.9 was out last week, but I had not
had time to update it in SVN.


Regards,
Jim H