Please change jshint.js license, remove bad or evil #1234

Closed
osallou opened this issue Aug 14, 2013 · 84 comments

@osallou

osallou commented Aug 14, 2013

Hi,
could you please modify the jshint.js license to be a real MIT license?

The "The Software shall be used for Good, not Evil." prevents the library from being packaged in Debian and maybe other repos where code should really be free to use (yes, even evil). And honestly, if someone wants to use it for evil... well I don't think he will care about the license :-)

Thanks

Olivier

@manix84

manix84 commented Aug 19, 2013

I don't know if this can ever happen, as the "bad or evil" licence is the original software licence for JSLint.

@hellais

hellais commented Aug 22, 2013

I also think this should happen as soon as possible as this is a major obstacle to shipping also other pieces of software.

See as an example this very sad thread on the Debian bug reporter: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673727.

@goatslacker
Member

This isn't possible without removing all Crockford code from JSHINT. It can definitely happen though.

@valueof
Member

valueof commented Aug 22, 2013

I need input from someone who understands legal. (I don't)

@dcramer

dcramer commented Aug 22, 2013

I'm pretty sure @goatslacker is correct. You could ask Crockford to change his license :)

@hellais

hellais commented Aug 22, 2013

@goatslacker where can I find a reference to all the code written by Crockford part of this repository?

@dcramer

dcramer commented Aug 22, 2013

@hellais you can run a diff against the first commit to jshint (which would have been where the fork started), to the current HEAD

@hellais

hellais commented Aug 22, 2013

Git tells me this:

web/jshint - [master] » git log --author="Douglas Crockford" --oneline --shortstat
40e3f73 It
 1 file changed, 1 insertion(+), 1 deletion(-)
7c327bf Tolerate stupid blockless blocks.
 1 file changed, 21 insertions(+), 13 deletions(-)
8d1c4eb clarification
40e3f73 It
 1 file changed, 1 insertion(+), 1 deletion(-)
7c327bf Tolerate stupid blockless blocks.
 1 file changed, 21 insertions(+), 13 deletions(-)
8d1c4eb clarification
 1 file changed, 3 insertions(+), 3 deletions(-)
5675d2c http://tech.groups.yahoo.com/group/jslint_com/message/1730
 5 files changed, 2752 insertions(+), 2847 deletions(-)
73c2fe3 indent
 1 file changed, 4 insertions(+), 3 deletions(-)
d41c211 http://tech.groups.yahoo.com/group/jslint_com/
 1 file changed, 2 insertions(+)
d7896b2 step_in step_out
 1 file changed, 18 insertions(+), 5 deletions(-)
85c95ac for var
 1 file changed, 4 insertions(+), 5 deletions(-)
caa8885 use strict
 2 files changed, 5 insertions(+), 4 deletions(-)
1da55dd http://www.yuiblog.com/blog/2010/12/14/strict-mode-is-coming-to-town/
 2 files changed, 7 insertions(+), 8 deletions(-)
b6d8b25 use strict
 4 files changed, 25 insertions(+), 25 deletions(-)
dc4a013 JSON escape v
 1 file changed, 5 insertions(+), 2 deletions(-)
80a2252 JSON escape single quote
 1 file changed, 5 insertions(+), 1 deletion(-)
bdd3576 k
 4 files changed, 8 insertions(+), 6 deletions(-)
6735394 Cleanup.
 2 files changed, 159 insertions(+), 167 deletions(-)
00d8d1f option.predef
 1 file changed, 2 insertions(+), 2 deletions(-)
6af839a option.predef
 2 files changed, 91 insertions(+), 66 deletions(-)
c933206 Warn on new Array(NUMBER)
 1 file changed, 2 insertions(+), 17 deletions(-)
f73d206 Add fullinit_ui.js, an ADsafe widget
 3 files changed, 159 insertions(+), 5 deletions(-)
523956b Removing rhino.js and wsh.js. Other projects are providing better alternatives.
 4 files changed, 4 insertions(+), 67 deletions(-)
d98f753 dangerous comments
 1 file changed, 1 insertion(+), 1 deletion(-)
35ec4a5 groove
 5 files changed, 95 insertions(+), 203 deletions(-)
d4a0702 More css colors
 1 file changed, 99 insertions(+), 64 deletions(-)
eb939e7 Use charAt instead of [] in line 1786.
 2 files changed, 0 insertions(+), 0 deletions(-)
7800939 Add README
 1 file changed, 20 insertions(+)
ca120a7 first commit
 6 files changed, 7011 insertions(+)

Should not be that much...

@valueof
Member

valueof commented Aug 22, 2013

What @dcramer said. It won't be very useful, though, since I switched from spaces to tabs along the way. So you will need to do something like that:

  1. Checkout first JSHint commit. Convert it to tabs.
  2. Checkout latest JSHint commit.
  3. Diff (1) and (2) using a normal diff tool.

Lexer was rewritten completely, parser was changed substantially and, to be honest, I don't think @douglascrockford is going to sue me if I change the license. But, still, I don't want to be a douchebag. :-)

@hellais

hellais commented Aug 22, 2013

@antonkovalyov I think a regular diff will not work either because the code structure has drastically changed. I am looking into a possible way of determining which portions of the code are from the original author.

Exploring possibilities such as simian or checkstyle http://checkstyle.sourceforge.net/config_duplicates.html.

@hellais

hellais commented Aug 22, 2013

After extracting all the JS code from this head: 40e3f73 (the last commit by git log --author="Douglas Crockford") and comparing that with all the js under the src/*.js root of the current master.

Running the two through the following similarity analyser:

Similarity Analyser 2.3.34 - http://www.harukizaemon.com/simian
Copyright (c) 2003-2013 Simon Harris.  All rights reserved.
Simian is not free unless used solely for non-commercial or evaluation purposes.

And extracting the lines of code that appear to be present in both 40e3f73 and current master it appears these are the only lines of code left in this repository that were written by Douglas Crockford:

----------------------
                lbp: p,
                value: s
            };
        }
        return x;
    }

    function delim(s) {
        return symbol(s, 0);
    }


----------------------
----------------------
        identifier: true,
        nud: function () {
            var v = this.value,
                s = scope[v],
                f;

            if (typeof s === "function") {

----------------------
----------------------
        member = {};
        membersOnly = null;
        implied = {};
        inblock = false;
        lookahead = [];
        warnings = 0;
        unuseds = [];

----------------------
----------------------
    confirm: false,
    console: false,
    Debug  : false,
    opera  : false,
    prompt : false
};


----------------------
----------------------
        }

        if (!a) {
            a = [line];
            implied[name] = a;
        } else if (a[a.length - 1] !== line) {
            a.push(line);
        }
    }

----------------------
----------------------
                char = this.peek(index);
                if (!isDecimalDigit(char)) {
                    break;
                }
                value += char;
                index += 1;
            }
        }

----------------------
----------------------
    }

    function warningAt(m, l, ch, a, b, c, d) {
        return warning(m, {
            line: l,
            from: ch
        }, a, b, c, d);
    }

    function error(m, t, a, b, c, d) {
        warning(m, t, a, b, c, d);
    }

----------------------
----------------------
        };
        return x;
    }

    function type(s, f) {
        var x = delim(s);
        x.type = s;
        x.nud = f;
        return x;
    }


----------------------
----------------------
                                    case '<':
                                        if (xmode === 'script') {
                                            c = s.charAt(l);
                                            if (c === '!' || c === '/') {
                                                warningAt(
"HTML confusion in regular expression '<{a}'.", line, from + l, c);
                                            }
                                        }

----------------------
----------------------
            Object              : false,
            parseInt            : false,
            parseFloat          : false,
            RangeError          : false,
            ReferenceError      : false,
            RegExp              : false,
            String              : false,
            SyntaxError         : false,

----------------------
----------------------
            Function            : false,
            hasOwnProperty      : false,
            isFinite            : false,
            isNaN               : false,
            JSON                : false,
            Math                : false,
            Number              : false,
            Object              : false,

----------------------
----------------------
    Boolean            : false,
    Date               : false,
    decodeURI          : false,
    decodeURIComponent : false,
    encodeURI          : false,
    encodeURIComponent : false,
    Error              : false,
    "eval"             : false,
    EvalError          : false,

----------------------
----------------------
            onbeforeunload  : true,
            onblur          : true,
            onerror         : true,
            onfocus         : true,
            onload          : true,
            onresize        : true,
            onunload        : true,
            open            : false,
            opener          : false,
            Option          : false,

----------------------
----------------------
        }
    }

    // We need a peek function. If it has an argument, it peeks that much farther
    // ahead. It is used to distinguish
    //     for ( var i in ...
    // from
    //     for ( var i = ...

    function peek(p) {
        var i = p || 0, j = 0, t;

        while (j <= i) {
            t = lookahead[j];
            if (!t) {
                t = lookahead[j] = lex.token();
            }
            j += 1;
        }
        return t;
    }

    // Produce the next token. It looks for programming errors.

    function advance(id, t) {
        switch (state.tokens.curr.id) {
        case "(number)":

----------------------
----------------------
            Option          : false,
            parent          : false,
            print           : false,
            removeEventListener: false,
            resizeBy        : false,
            resizeTo        : false,
            screen          : false,
            scroll          : false,
            scrollBy        : false,
            scrollTo        : false,
            setInterval     : false,
            setTimeout      : false,

----------------------
----------------------
            loadClass   : false,
            print       : false,
            quit        : false,
            readFile    : false,
            readUrl     : false,
            runCommand  : false,
            seal        : false,
            serialize   : false,
            spawn       : false,
            sync        : false,
            toint32     : false,
            version     : false
        },


----------------------
----------------------
                    name: n,
                    line: implied[n]
                });
            }
        }

        if (implieds.length > 0) {
            data.implieds = implieds;
        }

        if (urls.length > 0) {
            data.urls = urls;
        }

        globals = Object.keys(scope);
        if (globals.length > 0) {
            data.globals = globals;
        }

        for (i = 1; i < functions.length; i += 1) {
            f = functions[i];
            fu = {};

            for (j = 0; j < functionicity.length; j += 1) {
                fu[functionicity[j]] = [];
            }


----------------------

This is a quite trivial quantity.

I do not know what is the best way to proceed here. I think it may be the case to ask a professional lawyer for help.

@hellais

hellais commented Aug 22, 2013

BTW those are 195 lines of code in a project that has over 9000 lines of code.

@dcramer

dcramer commented Aug 22, 2013

I may have no idea what's going on here, but I can't imagine that jshint rewrote 8800 lines of jslint

@hellais

hellais commented Aug 22, 2013

I re-ran simian with a threshold of 2 (this means blocks of fewer similar lines will also be displayed) and I got 708 duplicate lines.

@dcramer what would you suggest doing regarding refactoring out Crockford's code from jshint or getting the license changed?
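
The line-level comparison discussed in the comments above (whitespace-insensitive because of the spaces-to-tabs switch, with a minimum block length like the threshold lowered to 2) can be sketched as follows. This is an added example, not part of the thread and not Simian's algorithm; the function names, the `threshold` default and both sample snippets are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the "original" snapshot, indented with spaces.
ORIGINAL = """\
var total = 0;
var items = [];
function area(w, h) {
    return w * h;
}

function label(s, f) {
    var x = make(s);
    x.kind = s;
    x.run = f;
    return x;
}
"""

# Constructed sample: the "current" snapshot, re-indented with tabs,
# with one function rewritten and one line added.
CURRENT = """\
var total = 0;
var items = [];
var cache = {};
function area(width, height) {
\tvar result = width * height;
\treturn result;
}

function label(s, f) {
\tvar x = make(s);
\tx.kind = s;
\tx.run = f;
\treturn x;
}
"""


def normalize(source):
    """Return [(line_number, text)] with whitespace collapsed, blank lines dropped."""
    out = []
    for number, line in enumerate(source.splitlines(), start=1):
        text = re.sub(r"\s+", " ", line.strip())
        if text:
            out.append((number, text))
    return out


def shared_blocks(original, current, threshold=4):
    """Find maximal runs of consecutive lines present in both sources.

    Returns (blocks, covered): blocks is a sorted list of
    (line in original, line in current, length); covered is the number of
    distinct non-blank lines of `current` that fall inside any block.
    """
    a, b = normalize(original), normalize(current)
    where = defaultdict(list)          # normalized text -> indices in b
    for j, (_, text) in enumerate(b):
        where[text].append(j)

    runs = []                          # (start in a, start in b, length)
    prev = {}                          # j -> run length ending at (i - 1, j)
    for i in range(len(a) + 1):        # one extra pass flushes open runs
        cur = {}
        if i < len(a):
            for j in where.get(a[i][1], ()):
                cur[j] = prev.get(j - 1, 0) + 1
        for j, length in prev.items():
            # A run that was not extended on this row is maximal.
            if j + 1 not in cur and length >= threshold:
                runs.append((i - length, j - length + 1, length))
        prev = cur

    covered = set()
    for _, start_b, length in runs:
        covered.update(range(start_b, start_b + length))
    blocks = sorted((a[sa][0], b[sb][0], n) for sa, sb, n in runs)
    return blocks, len(covered)


if __name__ == "__main__":
    for t in (4, 2):
        print(t, shared_blocks(ORIGINAL, CURRENT, threshold=t))
```

Lowering `threshold` admits short blocks such as a pair of declarations or a lone closing brace, which is why the reported duplicate count grows sharply at small thresholds.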

@dstufft

dstufft commented Aug 22, 2013

@hellais I'd suggest talking to a lawyer as I think anything else is likely to be pointing a gun squarely at some feet.

@goatslacker
Member

The easy answer to this is that we would need to move away from the pratt parser to esprima.

@dancrumb

You know, you could just have a conversation with Douglas and find out his
thoughts on the matter, instead of trying to remove all of his code.

It would be significantly easier and would introduce zero risk to the
codebase. Trying to refactor the code because of a silly little phrase in a
license seems a little excessive.

@dstufft

dstufft commented Aug 23, 2013

I'm fairly sure that Douglas has been asked about it before and has refused to re-license it. Looking it up I've found him joking about how he gets letters from lawyers about a similar clause in the JSON license http://dev.hasenj.org/post/3272592502/ibm-and-its-minions. It appears also someone from Debian legal has emailed him to ask about it and his response was if you don't like the license don't use it: http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40718.html

It's just a "silly little phrase" to you, but that silly little phrase can be the determining factor if the software is usable or not. Licenses are legally binding documents and given that there's no legal definition of what is and isn't evil it practically means that it is impossible to know whether any particular use of the code is allowed under the license. Because you can't know if it's ok to use the code as licensed, companies (and organizations like Debian) will simply opt not to use it.

@osallou
Author

osallou commented Aug 23, 2013

This is unfortunately a common issue, and too bad, because I think that
people willing to do evil won't care about the license....

However, sometimes an author agrees to change his mind, mainly if we explain
to him that it blocks many other software using his software.

Last request seems to be a few years ago, maybe that trying again and
again....


@asbjornenge

Oh, the old Good / Evil... IANAL, but this makes sense to me -> http://www.mail-archive.com/debian-legal%40lists.debian.org/msg40728.html

You can't argue about good / evil in any court if the terms ain't defined.

@douglascrockford
Contributor

https://plus.google.com/118095276221607585885/posts/13shsS2bAEY

@asbjornenge

@douglascrockford why not put that last bit in license instead; "...this software may not be used in the investigation, torture, and murder of patriots who dare to resist tyrants." <- from a shared http://good/considered_evil.txt
👍 from me!

@hellais

hellais commented Aug 23, 2013

@douglascrockford have you actually ever tried suing somebody that has used your software for evil?

I bet the NSA uses JSHINT for their javascript projects and I think they are doing quite an amount of evil. It seems like your license has not been very effective at stopping them from doing so though...

@valueof
Member

valueof commented Aug 23, 2013

The easy answer to this is that we would need to move away from the pratt parser to esprima.

At this point JSHint covers more JavaScript (stable parts of ES6, Mozilla-specific extensions) and is more fail tolerant than Esprima so the switch isn't going to happen in near future.

I bet the NSA uses JSHINT for their javascript projects

:-)

@OscarGodson

@hellais Did you read his link?

It is not effective at all, but it at least states my intention.

haha

@valueof
Member

valueof commented Aug 23, 2013

Anyway, I sent an email to @douglascrockford asking for an explicit permission to remove that clause from JSHint. If he grants one, I'll remove it. If he doesn't, Debian people will have to install JSHint through NPM or do some other workaround.

To be honest, I'm getting tired of these not-true-open-source talks. Out of all things I need to do with JSHint this issue is probably the least important one.

valueof closed this as completed Aug 23, 2013
@espadrine

@OscarGodson The link seems purposefully inaccessible publicly. I get a Google+ error page ("This post could not be found"), which is its approximation for a 404.

@valueof
Member

valueof commented Aug 23, 2013

Case closed, license shall remain the same:

@jugglinmike
Member

@thejameskyle That is the only license that needs changing. We'll be sure to update it as soon as we can

@kreynen

kreynen commented Jul 15, 2015

Just found an older copy of jshint.js that made its way into a Drupal project. I'm having trouble following this issue. Is the "Good, not Evil" clause being removed? The activity in webjars/webjars#1127 makes me think that clause will remain.

@jugglinmike
Member

The best way to confirm that we're still working on this is to check my master-free branch -- I certainly wouldn't be keeping that in sync if I didn't intend to use it!

@kreynen

kreynen commented Jul 16, 2015

@jugglinmike I read that response the first time you posted it in response to @piotr1212 back in January, but I wasn't sure why someone would be working on getting the AND operator working properly in POM if you were merging this... so I asked. I was really hoping for > update and < snark.

As part of Drupal's Licensing Working Group, we deal with licensing issues for a community with thousands of projects and contributors. I understand how frustrating it can be to get these resolved... and how thankless.

SO THANK YOU! Unenforceable, non-standard licensing clauses like that are incredibly unproductive.

While I'm guilty of my share of responses like this, you should be aware of how off putting this is for someone who isn't familiar with your project.

Since there is nothing in the branch's README.md, description, an open PR with comments or in this issue indicating what still needs to be done, people are going to continue to periodically ask until this gets merged.

If you are going to use a boilerplate response to anyone who asks, I'd suggest some changes. "I didn't intend to use it!" is != "we didn't intend to merge it". It would be less off putting to say something like...

If https://github.com/jugglinmike/jshint/tree/master-free is being updated, we are actively working on resolving this. Limited resources prevent us from posting status updates as often as we'd like, but this issue will remain open until the "Good, not Evil" clause is removed.

This file wasn't essential to the Drupal project so it was removed, but this issue is becoming a great case study in the ripple effect modifying a truly open and vetted license can have. Let me know if there is anything I can do to help get this resolved.

kreynen added a commit to kreynen/jshint that referenced this issue Jul 16, 2015
@jugglinmike
Member

I did not intend to be passive aggressive. I interpreted, "I'm having trouble following this issue" as, "I missed your response among all the other discussion". I appreciate your suggestion for a more complete explanation, and I agree that it is an improvement. I'll follow up with a more visible comment dedicated to that message.

As for the issue you referenced: I think there's value for that project to be robust in its parsing of SPDX regardless of any specific project's current configuration. So it would make sense to resolve that issue generally... to me, anyway!

@jugglinmike
Member

Checking the Status of this Effort

If https://github.com/jugglinmike/jshint/tree/master-free is being updated, we are actively working on resolving this. Limited resources prevent us from posting status updates as often as we'd like, but this issue will remain open until the "Good, not Evil" clause is removed.

@pravi

pravi commented Oct 10, 2016

@jugglinmike it's about 11 months since the last comment. I'd like to know the current status of this issue.

@andreicristianpetcu

Seriously? Another "Good, not Evil." license? What is the point of this? Please pick a real FSF approved or OSI approved license.

@flying-sheep

@andreicristianpetcu: you're unnecessarily antagonistic because you're uninformed.

do you know what jshint was forked off? once you do, carefully read this thread, then please apologize for the previous comment.

@andreicristianpetcu

@flying-sheep I read the thread. Sorry for the spam.

@eclipseo

Any progress on this issue? It's preventing us from including it in Fedora.

@jugglinmike
Member

Thanks for your interest, @eclipseo. I'd love for JSHint to be included in Fedora! Right now, we're trying to re-write a few targeted sections of the codebase. I cannot contribute directly due to my familiarity with the non-Free code. The same goes for many of our prior contributors, so I've been searching for new people with a passion for free software and a penchant for JavaScript. If you (or anyone else following along) know of anyone that fits the bill, please ask them to contact me (either on this thread or via my personal e-mail address).

@andreicristianpetcu

Well.... if it's written from scratch it does not matter who writes it. This is a copyright issue, not a patent issue.

@jugglinmike
Member

We are not currently attempting to re-write from scratch. I tried to communicate this in my previous response with the phrase, "a few targeted sections of the codebase."

@bastien-roucaries

What is the current status?

@ajakaja
Contributor

ajakaja commented Nov 28, 2018

The same goes for many of our prior contributors, so I've been searching for new people with a passion for free software and a penchant for JavaScript. If you (or anyone else following along) know of anyone that fits the bill, please ask them to contact me (either on this thread or via my personal e-mail address).

Just came across this issue -- are you still looking for help?

@jugglinmike
Member

@ajakaja I am! Could you e-mail admin@jshint.org ?

@ranolfi

ranolfi commented Sep 28, 2019

I approve of the author remaining true to his original commitment. If this was my creative work (or a derivative of it) I would also hold the Not Evil clause to the end.
The clause is open to interpretation (and certainly won't hold in court, nor was the author's intent that it ever could, I'm sure) for a reason. And the reason might be a moral one, a sense of humor, or probably a mixture of both.

Now if some distro can't include the software in its repos because the definition of "free software" they insist on abiding by is excessively strict - or shall I say narrow-minded, that is just too bad.

Good job @douglascrockford and project maintainers.

Edit: I must say that I technically agree that the license is non-free as it undoubtedly imposes a restriction on what the software may be used for, even if an almost satirical one. The fact that distros don't include the software in their official repos on these grounds is just silly.

@jugglinmike
Member

Good news, everyone! We've just published JSHint 2.12.0, the first version to be completely licensed under the MIT Expat license. Details about the process are available on the project website.

If anyone is still interested in packaging JSHint for a software repository, I'll be happy to help!

@jshint jshint locked as resolved and limited conversation to collaborators Aug 3, 2020