Description of problem: _jsmin.py is under a non-free software license. This part of the terms and conditions renders the license non-free: # The Software shall be used for Good, not Evil. Version-Release number of selected component (if applicable): python-webhelpers-1.0-0.2.b7.fc13.noarch This file is also present in upstream 1.0.0. This file is not present in upstream 0.6.4 Steps to Reproduce: yum install python-webhelpers grep -ri 'Good, not Evil' /usr/lib/python2.6/site-packages/webhelpers Additional Notes: Short term, we can downgrade to an older python-webhelpers or strip out that file. It's supposed to just be used internally but there's no guarantee there. Maybe something like: webhelpers/pylonslib/_jsmin.py:: raise ImportError('_jsmin has been removed due to having a non-free software license') and in webhelpers/pylonslib/minify.py:: try: from _jsmin import JavascriptMinify except ImportError: class JavascriptMinify(object): def minify(self, instream, outstream): data = instream.read() outstream.write(data) instream.close() If lots of things depend directly on webhelpers.pylonslib._jsmin then we could replace it with a warning instead of ImportError and do our fake class definition there. Long term we need to get with the python-webhelpers upstream and have them replace jsmin with something suitably licensed.
CC'ing spot for legal insights.
lmacken: I don't think that anything in pylons/TG2 is using _jsmin.py directly, are you aware of anything I don't?
(In reply to comment #0) > and in webhelpers/pylonslib/minify.py:: > > try: > from _jsmin import JavascriptMinify > except ImportError: > class JavascriptMinify(object): > def minify(self, instream, outstream): > data = instream.read() > outstream.write(data) > instream.close() Maybe also have it print out a comment line that explains why the code hasn't actually been minified. We definitely need to reach out to the python-webhelpers upstream here.
I've reported it upstream and hope for a quick response. Otherwise, I'll remove the functionality in one of the suggested ways. http://bitbucket.org/bbangert/webhelpers/issue/39/non-free-license-of-_jsminpy-taints
For reference on jsmin see bug 455507 (IIRC, this is the original project from which various translated copies derive, and each seems to have inherited the poorly-written license from it)
I'm the python-webhelpers maintainer. I have written to Mr Crawford and asked for the license to be changed. Although based on the bug Malcolm cited, that is unlikely. If he refuses or doesn't respond, I'll incorporate the above patch, but issuing a Python warning rather than putting a comment in the output. (I'm not sure a comment is the right approach, because the person reading it would be the end user rather than the app developer. But maybe.) I'll follow up in the WebHelpers bug because I'm not a Fedora user. But I would like to say, please include WebHelpers >= 1.0 and Pylons >= 1.0 in the next release. We're trying to get away from obsolete versions as quickly as possible. WebHelpers 1.1 will be released soon with a significant change in the literal() handling. If Fedora's release schedule is coming up soon, please let me know via the WebHelpers bug and I'll try to coordinate with it.
Hey Mike, here's our schedule for Fedora 13: http://fedoraproject.org/wiki/Schedule In our release terminology, Alpha is supposed to be the cutoff for API changes (although we can fudge sometimes) which has just passed. In this case, it looks like we currently have: python-webhelpers-1.0-2.src.rpm python-pylons-1.0-2.fc14.src.rpm Kylev is the package maintainer and can decide whether we should upgrade despite API changes (and if there's no API changes, we can go ahead and update to the next revision right away). Thanks for the feedback!
Fixed in WebHelpers revision 103c5a6124b8 (pre 1.1). Mr Crockford replied, refusing to change the license. I found a "jsmin" package on PyPI, which contains a derived version of the same code. The helper has been changed to use this external package if it's installed; otherwise it passes the Javascript through unchanged and issues a warning. The _jsmin module has been replaced with a stub that raises ImportError and has a comment explaining the situation.
Released WebHelpers 1.1 with the above change. I'll save the other changes for 1.2.
This message is a reminder that Fedora 13 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '13'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 13's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 13 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.