New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please change jshint.js license, remove bad or evil #1234
Comments
I don't know is this can ever happen, as the "bad or evil" licence is the original software licence for JSLint. |
I also think this should happen as soon as possible as this is a major obstacle to shipping also other pieces of software. Se as an example this very sad thread on the debian bug reporter: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673727. |
This isn't possible without removing all Crockford code from JSHINT. It can definitely happen though. |
I need input from someone who understands legal. (I don't) |
I'm pretty sure @goatslacker is correct. You could ask Crockford to change his license :) |
@goatslacker where can I find a reference to all the code written by Crockford part of this repository? |
@hellais you can run a diff against the first commit to jshint (which would have been where the fork started), to the current HEAD |
Git tells me this:
Should not be that much... |
What @dcramer said. It won't be very useful, though, since I switched from spaces to tabs along the way. So you will need to do something like that:
Lexer was rewritten completely, parser was changed substantially and, to be honest, I don't think @douglascrockford is going to sue me if I change the license. But, still, I don't want to be a douchebag. :-) |
@antonkovalyov I think a regular diff will not work either because the code structure has drastically changed. I am looking into a possible way of determining which portions of the code are from the original author. Exploring possibilities such as simian or checkstyle http://checkstyle.sourceforge.net/config_duplicates.html. |
After extracting all the JS code from this head: 40e3f73 (the last commit by Running the two through the following similarity analyser:
And extracting the lines of code that appear to be present in both 40e3f73 and current master it appears these are the only lines of code left in this repository that were written by Douglas Crockford:
This is a quite trivial quantity. I do not know what is the best way to proceed here. I think it may be the case to ask a professional lawyer for help. |
BTW those are 195 lines of code in a project that has over 9000 lines of code. |
I may have no idea what's going on here, but I can't imagine that jshint rewrote 8800 lines of jslint |
I re-ran simian with a threshold of 2 (this means blocks of fewer similar lines will also be displayed) and I got 708 duplicate lines. @dcramer what would you suggest doing regarding refactoring out Crockford's code from jshint or getting the license changed? |
@hellais I'd suggest talking to a lawyer as I think anything else is likely to be pointing a gun squarely at some feet. |
The easy answer to this is that we would need to move away from the pratt parser to esprima. |
You know, you could just have a conversation with Douglas and find out his It would be significantly easier and would introduce zero risk to the
|
I'm fairly sure that Douglas has been asked about it before and has refused to re-license it. Looking it up I've found him joking about how he gets letters from lawyers about a similar clause in the JSON license http://dev.hasenj.org/post/3272592502/ibm-and-its-minions. It appears also someone from Debian legal has emailed him to ask about it and his response was if you don't like the license don't use it: http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40718.html It's jsut a "silly little phrase" to you, but that silly little phrase can be the determining factor if the software is usable or not. Licenses are legally binding documents and given that there's no legal definition of what is and isn't evil it practically means that it is impossible to know whether any particular use of the code is allowed under the license. Because you can't know if it's ok to use the code as licensed companies (and organizations like Debian) will simply opt not to use it. |
This is unfortunately a common issue, and too bad, because I think that However, sometimes, author accept to change his mind, mainly if we explain Last request seems to be a few years ago, maybe that trying again and 2013/8/23 Donald Stufft notifications@github.com
gpg key id: 4096R/326D8438 (keyring.debian.org) Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438 |
Oh, the old Good / Evil... IANAL, but this makes sense to me -> http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40728.html You can't argue about good / evil in any court if the terms ain't defined. |
@douglascrockford why not put that last bit in license instead; "...this software may not be used in the investigation, torture, and murder of patriots who dare to resist tyrants." <- from a shared http://good/considered_evil.txt |
@douglascrockford have you actually ever tried suing somebody that has used your software for evil? I bet the NSA uses JSHINT for their javascript projects and I think they are doing quite an amount of evil. It seems like your license has not been very effective at stopping them from doing so though... |
At this point JSHint covers more JavaScript (stable parts of ES6, Mozilla-specific extensions) and is more fail tolerant than Esprima so the switch isn't going to happen in near future.
:-) |
@hellais Did you read his link?
haha |
Anyway, I sent an email to @douglascrockford asking for an explicit permission to remove that clause from JSHint. If he grants one, I'll remove it. If he doesn't, Debian people will have to install JSHint through NPM or do some other workaround. To be honest, I'm getting tired of these not-true-open-source talks. Out of all things I need to do with JSHint this issue is probably the least important one. |
@OscarGodson The link seems purposefully inaccessible publicly. I get a Google+ error page ("This post could not be found"), which is its approximation for a 404. |
@thejameskyle That is the only license that needs changing. We'll be sure to update it as soon as we can |
Just found an older copy of jshint.js that made its way into a Drupal project. I'm having trouble following this issue. Is the "Good, not Evil" clause being removed? The activity in webjars/webjars#1127 makes me think that clause will remain. |
The best way to confirm that we're still working on this is to check my |
@jugglinmike I read that response the first time you posted it in response to @piotr1212 back in January, but I wasn't sue why someone would be working on getting the AND operator working properly in POM if you were merging this... so I asked. I was really hoping for > update and < snark. As part of Drupal's Licensing Working Group, we deal with licensing issues for a community with thousands of projects and contributors. I understand how frustrating it can be to get these resolved... and how thankless. SO THANK YOU! Unenforceable, non-standard licensing clauses like that are incredibly unproductive. While I'm guilty of my share of responses like this, you should be aware of how off putting this is for someone who isn't familiar with your project. Since there is nothing in the branch's README.md, description, an open PR with comments or in this issue indicating what still needs to be done, people are going to continue to periodically ask until this gets merged. If you are going to use a boilerplate response to anyone who asks, I'd suggest some changes. "I didn't intend to use it!" is != "we didn't intend to merge it". It would be less off putting to say something like... If https://github.com/jugglinmike/jshint/tree/master-free is being updated, we are actively working on resolving this. Limited resources prevent us from posting status updates as often we'd like, but this issue will remain open until the "Good, not Evil" clause is removed. This file wasn't essential to the Drupal project so it was removed, but this issue is becoming a great case study in the ripple effect modifying a truly open and vetted license can have. Let me know if there is anything I can do to help get this resolved. |
I did not intend to be passive aggressive. I interpreted, "I'm having trouble following this issue" as, "I missed your response among all the other discussion". I appreciate your suggestion for a more complete explanation, and I agree that it is an improvement. I'll follow up with a more visible comment dedicated to that message. As for the issue you referenced: I think there's value for that project to be robust in its parsing of SPDX regardless of any specific project's current configuration. So it would make sense to resolve that issue generally... to me, anyway! |
Checking the Status of this EffortIf https://github.com/jugglinmike/jshint/tree/master-free is being updated, we are actively working on resolving this. Limited resources prevent us from posting status updates as often we'd like, but this issue will remain open until the "Good, not Evil" clause is removed. |
@jugglinmike its about 11 months since the last comment. I'd like to know the current status of this issue. |
Seriously? Another "Good, not Evil." license? What is the point of this? Please pick a real FSF approved or OSI approved license. |
@andreicristianpetcu: you're unnecessarily antagonistic because you're uninformed. do you know what jshint was forked off? once you do, carefully read this thread, then please apologize for the previous comment. |
@flying-sheep I read the thread. Sorry for the spam. |
Any progress on this issue? It's preventing us from including it in Fedora. |
Thanks for your interest, @eclipseo. I'd love for JSHint to be included in Fedora! Right now, we're trying to re-write a few targeted sections of the codebase. I cannot contribute directly due to my familiarity with the non-Free code. The same goes for many of our prior contributors, so I've been searching for new people with a passion for free software and a penchant for JavaScript. If you (or anyone else following along) know of anyone that fits the bill, please ask them to contact me (either on this thread or via my personal e-mail address). |
Well.... if it's written from scratch it does not matter who writes it. This is a copyright issue, not a patent issue. |
We are not currently attempting to re-write from scratch. I tried to communicate this in my previous response with the phrase, "a few targeted sections of the codebase." |
What is the current status ? |
Just came across this issue -- are you still looking for help? |
@ajakaja I am! Could you e-mail admin@jshint.org ? |
I approve of the author remaining true to his original commitment. If this was my creative work (or a derivative of it) I would also hold the Not Evil clause to the end. Now if some distro can't include the software in its repos because the definition of "free software" they insist to abide to is excessively strict - or shall I say narrow-minded, that is just too bad. Good job @douglascrockford and project maintainers. Edit: I must say that I technically agree that the license is non-free as it undoubtly imposes a restriction on what the software may be used for, even if an almost satirical one. The fact that distros don't include the sofware in their official repos on these grounds is just silly. |
Good news, everyone! We've just published JSHint 2.12.0, the first version to be completely licensed under the MIT Expact license. Details about the process are available on the project website. If anyone is still interested in packaging JSHint for a software repository, I'll be happy to help! |
Hi,
could you please modify the jshint.js license to be a real MIT license?
The "The Software shall be used for Good, not Evil." prevents library to be packaged in Debian and maybe other repo where code should really be free of use (yes, even evil). And honestly, if someone wants to use it for evil... well I don't think he will care about the license :-)
Thanks
Olivier
The text was updated successfully, but these errors were encountered: