Bug 506056 - Review Request: zikula-module-scribite - The scribite! module for Zikula allows integration of various text editors
Summary: Review Request: zikula-module-scribite - The scribite! module for Zikula allo...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Toshio Ernie Kuratomi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 505940
TreeView+ depends on / blocked
 
Reported: 2009-06-15 12:30 UTC by eric
Modified: 2009-08-12 19:50 UTC (History)
7 users (show)

Fixed In Version: 3.2-3.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-27 21:34:26 UTC
Type: ---
Embargoed:
a.badger: fedora-review+
j: fedora-cvs+


Attachments (Terms of Use)

Description eric 2009-06-15 12:30:05 UTC
Spec URL: http://sparks.fedorapeople.org/Packages/zikula-module-scribite/zikula-module-scribite.spec

SRPM URL: http://sparks.fedorapeople.org/Packages/zikula-module-scribite/zikula-module-scribite-3.1-1.fc11.src.rpm

Description: scribite! is a module for easy integration of  WYSIWYG scripts Xinha, TinyMCE,
FCKeditor, openWYSIWYG, NicEdit or YUI Rich Text Editor into textarea fields in
order to make text editing a little bit nicer and more comfortable for users.

Comment 1 Toshio Ernie Kuratomi 2009-06-18 00:13:55 UTC
A couple easy ones that I found before the licensing audit:

* Summary does not need to repeat the module name.  Maybe something like::
  Integration of several JavaScript text editors with Zikula
* Includes JavaScript libraries.  Until JavaScript Guidelines are approved, this is okay.  Once they are we'll have to package the JavaScript libraries separately and then have this package link to them (perhaps with a literal symlink).

Here's the big one:
* Licensing violations :-(
  Most of the files are a mix of GPLv2+, LGPLv2+ (Might have some v2 only but I haven't checked yet), and BSD.  This places the module as a whole under the GPLv2+ (or v2 if there's any v2 only code).  So far this is fine.  But we do have some GPL incompatible licensed code as well that we have to deal with, either by getting rid of it (some things aren't necessary) or rewriting or relicensing:
(Note scribite/modules/scribite/pndocs/fckeditor_license.txt is licensed under MPLv1.1+ or GPLv2+ or LGPLv2+.  This is fine)

Creative Commons Licenses: No CC licenses are GPL compatible:
This one could be a problem:
* scribite/modules/scribite/pnjavascript/window.js: Some of the file is MIT-like.  But about three-quarters of the way through the file we have: Licensed under the Creative Commons Attribution 2.5 License - http://creativecommons.org/licenses/by/2.5/

* scribite/javascript/scribite_editors/xinha/skins/inditreuse/README:This work is licensed under the Creative Commons Attribution-ShareAlike License.
* scribite/javascript/scribite_editors/xinha/skins/titan/README:This work is licensed under the Creative Commons Attribution-ShareAlike License.
* scribite/javascript/scribite_editors/xinha/plugins/CharacterMap/character-map.js: license : "Creative Commons Attribution-ShareAlike License"
* scribite/javascript/scribite_editors/xinha/plugins/HtmlEntities/html-entities.js: license : "Creative Commons Attribution-ShareAlike License"
* scribite/javascript/scribite_editors/xinha/plugins/ListType/list-type.js: license : "Creative Commons Attribution-ShareAlike License"

PHP License:
PHP License v3 is definitely GPL incompatible.  I do not know if PHP License v2.02 is also.

* scribite/javascript/scribite_editors/xinha/plugins/ImageManager/Classes/GD.php: This is licensed under the php-2.02 license.
* scribite/javascript/scribite_editors/xinha/plugins/ImageManager/Classes/NetPBM.php: This is licensed under the php-2.02 license.
* scribite/javascript/scribite_editors/xinha/plugins/ImageManager/Classes/IM.php: This is licensed under the php-2.02 license.
scribite/javascript/scribite_editors/xinha/plugins/ImageManager/Classes/Transform.php


MPL:
Unless the MPL lists other licenses that the work can be released under (ie,dual licensed with GPL) this is incompatible with the GPL

scribite/javascript/scribite_editors/tiny_mce/filemanager/connectors/php/Commands/helpers/header.cgi: MPLv1.1
scribite/javascript/scribite_editors/tiny_mce/filemanager/connectors/php/Commands/helpers/progress.cgi: MPLv1.1
scribite/javascript/scribite_editors/tiny_mce/filemanager/connectors/php/Commands/helpers/upload.cgi: MPLv1.1

itbegins thinks that with the exception of scribite/modules/scribite/pnjavascript/window.js, all of these files are optional and we could remove them when we package.  window.js might be optional as well, but he's not sure.

Comment 2 David Nalley 2009-06-18 02:11:10 UTC
I contacted upstream about these issues: 

http://groups.google.com/group/zikula-discussions/browse_thread/thread/7035a2a62e86e8d4#

Comment 3 David Nalley 2009-06-23 14:48:50 UTC
Upstream reports they believe they have fixed the licensing issues and have a new download here:

http://code.zikula.org/scribite/downloads/23

Comment 4 eric 2009-06-23 18:16:00 UTC
SRPM URL: http://sparks.fedorapeople.org/Packages/zikula-module-scribite/zikula-module-scribite-3.2-1.src.rpm

SPEC URL: http://sparks.fedorapeople.org/Packages/zikula-module-scribite/zikula-module-scribite.spec

I checked the locations where the non-GPL licenses were discovered last time and did not find those files in the current release.  Other issues were addressed and rpmlint was used to verify no errors in the SPEC and SRPM files.

Comment 5 Toshio Ernie Kuratomi 2009-06-24 00:50:36 UTC
xinha still has CC licenses.

just one  example: ./javascript/scribite_editors/xinha/images/tango/COPYING:

Comment 6 Jason Tibbitts 2009-07-06 00:07:25 UTC
Looks like the fedora-review flag should be set here.

Comment 7 eric 2009-07-10 01:46:17 UTC
(In reply to comment #3)
@David
Have you heard anything else about these licensing issues?

Comment 8 David Nalley 2009-07-10 02:28:41 UTC
I have not

Comment 9 Toshio Ernie Kuratomi 2009-07-15 09:04:26 UTC
GOOD:                                                          
* Named according to naming guidelines                         
* specfile named appropriately                                 
* spec file is legible and in English                          
* Package builds on i86                                        
* Package build in koji                                        
* Not a dnamic library                                         
* Not relocatable                                              
* Package owns all directories it creates                      
* Permissions set appropriately                                
* Proper %clean section                                        
* macros used consistently                                     


NEEDSWORK:
* Licensing -- see previous comments
  - The tango images are the only place I found CC licenses.  Perhaps we can
    remove the tango skin?                                                  
* License tag: We can't straighten this out until we figure out what to do  
  about the incompatible licenses but we will want to list the different    
  licenses that things fall under.  So it might look something like this    
  (Please verify/update/add once we figure out how we're going to resolve all
  the licensing problems):                                                   
  License: GPLv2+ and LGPLv2+ and BSD and (GPLv2+ or MPLv1.1+ or LGPL2+) and MIT
  - And a comment that explains what licenses relate to what files.             
    + Yes, this is painful to audit and record :-(                              
* Source comment needs to be updated in the spec file to reflect the current    
  location.                                                                     
  - http://code.zikula.org/scribite/downloads/19 references an older release    
  - http://code.zikula.org/scribite/downloads/23 does not exist                 
* rpmlint:                                                                      
zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding /usr/share/doc/zikula-module-scribite-3.2/Snoopy_gpl_license.txt
zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding /usr/share/doc/zikula-module-scribite-3.2/changelog.txt
zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding /usr/share/doc/zikula-module-scribite-3.2/tinymce_lgpl_license.txt
zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding /usr/share/doc/zikula-module-scribite-3.2/openwysiwyg_license.txt
zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding /usr/share/doc/zikula-module-scribite-3.2/fckeditor_license.txt
2 packages and 0 specfiles checked; 0 errors, 5 warnings.

These can be fixed with dos2unix or sed:

%{__sed} -i 's/\r//' pndocs/changelog.txt pndocs/Snoopy_gpl_license.txt pndocs/tinymce_lgpl_license.txt pndocs/openwysiwyg_license.txt pndocs/fckeditor_license.txt

TO RESOLVE IN THE FUTURE:
* There are language files in this package but they aren't standard gettext po
  files.  They are javascript.  We probably want to mark these as belonging to
  the relevant language but we don't have any tools to help with this at the
  moment

Comment 11 eric 2009-07-16 03:31:20 UTC
(In reply to comment #9)
> NEEDSWORK:
> * Licensing -- see previous comments
>   - The tango images are the only place I found CC licenses.  Perhaps we can
>     remove the tango skin?                                                  
> * License tag: We can't straighten this out until we figure out what to do  
>   about the incompatible licenses but we will want to list the different    
>   licenses that things fall under.  So it might look something like this    
>   (Please verify/update/add once we figure out how we're going to resolve all
>   the licensing problems):                                                   
>   License: GPLv2+ and LGPLv2+ and BSD and (GPLv2+ or MPLv1.1+ or LGPL2+) and
> MIT

I see GPLv2+ and LGPLv2+ listed.  I've annotated GPL+ in the SPEC.  The one instance I can find of MIT says that the particular code can be licensed under GPL, something else, or MIT so it isn't specifically licensed under MIT.

>   - And a comment that explains what licenses relate to what files.             
>     + Yes, this is painful to audit and record :-(                              

It would appear that the different license documents explain what they are covering by their title.

> * Source comment needs to be updated in the spec file to reflect the current    
>   location.                                                                     
>   - http://code.zikula.org/scribite/downloads/19 references an older release    
>   - http://code.zikula.org/scribite/downloads/23 does not exist  

This has been fixed by utilizing http://fedoraproject.org/wiki/Packaging/SourceURL#Using_Revision_Control.
               
> * rpmlint:                                                                      
> zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding
> /usr/share/doc/zikula-module-scribite-3.2/Snoopy_gpl_license.txt
> zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding
> /usr/share/doc/zikula-module-scribite-3.2/changelog.txt
> zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding
> /usr/share/doc/zikula-module-scribite-3.2/tinymce_lgpl_license.txt
> zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding
> /usr/share/doc/zikula-module-scribite-3.2/openwysiwyg_license.txt
> zikula-module-scribite.noarch: W: wrong-file-end-of-line-encoding
> /usr/share/doc/zikula-module-scribite-3.2/fckeditor_license.txt
> 2 packages and 0 specfiles checked; 0 errors, 5 warnings.
> 
> These can be fixed with dos2unix or sed:
> 
> %{__sed} -i 's/\r//' pndocs/changelog.txt pndocs/Snoopy_gpl_license.txt
> pndocs/tinymce_lgpl_license.txt pndocs/openwysiwyg_license.txt
> pndocs/fckeditor_license.txt

Fixed.  RPMLINT all clean, now.

Comment 13 Toshio Ernie Kuratomi 2009-07-17 09:22:08 UTC
Okay, everything's good except for the licensing:

* spec should have GPLv2+.  Looks like everything can be used under GPLv2+ and two of the editors specify the version as 2 or later.

* The three directories I found that have CC licensed code and need to be stripped are::
javascript/scribite_editors/xinha/skins/inditreuse
javascript/scribite_editors/xinha/skins/titan
javascript/scribite_editors/xinha/iconsets/Tango

Once we resolve those this can be approved.

Comment 16 Toshio Ernie Kuratomi 2009-07-24 06:39:48 UTC
Licensing issues are taken care of in this new upstream zipfile.  It looks like the license tag in the spec file should be GPLv2+ rather than GPLv2.  You can fix that when you import.

APPROVED

Comment 17 eric 2009-07-24 12:29:29 UTC
New Package CVS Request
=======================
Package Name: zikula-module-scribite
Short Description: Integration of several JavaScript text editors with Zikula
Owners: sparks ke4qqq
Branches: F-10 F-11 EL-5
InitialCC:

Comment 18 Jason Tibbitts 2009-07-24 19:22:38 UTC
CVS done.

Comment 19 Fedora Update System 2009-07-25 00:11:48 UTC
zikula-module-scribite-3.2-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/zikula-module-scribite-3.2-3.fc11

Comment 20 Fedora Update System 2009-07-25 00:18:56 UTC
zikula-module-scribite-3.2-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/zikula-module-scribite-3.2-3.fc10

Comment 21 Fedora Update System 2009-07-25 00:27:31 UTC
zikula-module-scribite-3.2-3.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/zikula-module-scribite-3.2-3.el5

Comment 22 Fedora Update System 2009-07-27 05:49:18 UTC
zikula-module-scribite-3.2-3.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update zikula-module-scribite'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0122

Comment 23 Fedora Update System 2009-07-27 21:34:16 UTC
zikula-module-scribite-3.2-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 24 Fedora Update System 2009-07-27 21:37:15 UTC
zikula-module-scribite-3.2-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 25 Fedora Update System 2009-08-12 19:50:11 UTC
zikula-module-scribite-3.2-3.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.