Bug 608778 - python-webhelpers-1.0 contains a non-free file.
Summary: python-webhelpers-1.0 contains a non-free file.
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: python-webhelpers
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Kyle VanderBeek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-06-28 16:18 UTC by Toshio Ernie Kuratomi
Modified: 2011-06-27 19:05 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-06-27 19:05:19 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Toshio Ernie Kuratomi 2010-06-28 16:18:30 UTC
Description of problem:

_jsmin.py is under a non-free software license.  This part of the terms and conditions renders the license non-free:
  # The Software shall be used for Good, not Evil.


Version-Release number of selected component (if applicable):

python-webhelpers-1.0-0.2.b7.fc13.noarch

This file is also present in upstream 1.0.0.

This file is not present in upstream 0.6.4

Steps to Reproduce:

yum install python-webhelpers
grep -ri 'Good, not Evil' /usr/lib/python2.6/site-packages/webhelpers

Additional Notes:

Short term, we can downgrade to an older python-webhelpers or strip out that file.  It's supposed to just be used internally but there's no guarantee there.  Maybe something like:

webhelpers/pylonslib/_jsmin.py::

raise ImportError('_jsmin has been removed due to having a non-free software license')

and in webhelpers/pylonslib/minify.py::

try:
    from _jsmin import JavascriptMinify
except ImportError:
    class JavascriptMinify(object):
        def minify(self, instream, outstream):
            data = instream.read()
            outstream.write(data)
            instream.close()

If lots of things depend directly on webhelpers.pylonslib._jsmin then we could replace it with a warning instead of ImportError and do our fake class definition there.

Long term we need to get with the python-webhelpers upstream and have them replace jsmin with something suitably licensed.

Comment 1 Toshio Ernie Kuratomi 2010-06-28 16:19:14 UTC
CC'ing spot for legal insights.

Comment 2 Toshio Ernie Kuratomi 2010-06-28 16:20:35 UTC
lmacken: I don't think that anything in pylons/TG2 is using _jsmin.py directly, are you aware of anything I don't?

Comment 3 Tom "spot" Callaway 2010-06-28 16:27:23 UTC
(In reply to comment #0)

> and in webhelpers/pylonslib/minify.py::
> 
> try:
>     from _jsmin import JavascriptMinify
> except ImportError:
>     class JavascriptMinify(object):
>         def minify(self, instream, outstream):
>             data = instream.read()
>             outstream.write(data)
>             instream.close()

Maybe also have it print out a comment line that explains why the code hasn't actually been minified.

We definitely need to reach out to the python-webhelpers upstream here.

Comment 4 Kyle VanderBeek 2010-06-28 19:22:35 UTC
I've reported it upstream and hope for a quick response.  Otherwise, I'll remove the functionality in one of the suggested ways.

http://bitbucket.org/bbangert/webhelpers/issue/39/non-free-license-of-_jsminpy-taints

Comment 5 Dave Malcolm 2010-06-28 20:50:47 UTC
For reference on jsmin see bug 455507 (IIRC, this is the original project from which various translated copies derive, and each seems to have inherited the poorly-written license from it)

Comment 6 Mike Orr 2010-08-09 22:11:00 UTC
I'm the python-webhelpers maintainer. I have written to Mr Crawford and asked for the license to be changed. Although based on the bug Malcolm cited, that is unlikely. If he refuses or doesn't respond, I'll incorporate the above patch, but issuing a Python warning rather than putting a comment in the output. (I'm not sure a comment is the right approach, because the person reading it would be the end user rather than the app developer. But maybe.)

I'll follow up in the WebHelpers bug because I'm not a Fedora user. But I would like to say, please include WebHelpers >= 1.0 and Pylons >= 1.0 in the next release. We're trying to get away from obsolete versions as quickly as possible. WebHelpers 1.1 will be released soon with a significant change in the literal() handling. If Fedora's release schedule is coming up soon, please let me know via the WebHelpers bug and I'll try to coordinate with it.

Comment 7 Toshio Kuratomi 2010-08-09 23:12:18 UTC
Hey Mike, here's our schedule for Fedora 13: http://fedoraproject.org/wiki/Schedule

In our release terminology, Alpha is supposed to be the cutoff for API changes (although we can fudge sometimes) which has just passed.  In this case, it looks like we currently have:

python-webhelpers-1.0-2.src.rpm
python-pylons-1.0-2.fc14.src.rpm

Kylev is the package maintainer and can decide whether we should upgrade despite API changes (and if there's no API changes, we can go ahead and update to the next revision right away).

Thanks for the feedback!

Comment 8 Mike Orr 2010-08-10 00:44:02 UTC
Fixed in WebHelpers revision 103c5a6124b8 (pre 1.1). Mr Crockford replied, refusing to change the license. I found a "jsmin" package on PyPI, which contains a derived version of the same code. The helper has been changed to use this external package if it's installed; otherwise it passes the Javascript through unchanged and issues a warning.  The _jsmin module has been replaced with a stub that raises ImportError and has a comment explaining the situation.

Comment 9 Mike Orr 2010-08-10 01:37:07 UTC
Released WebHelpers 1.1 with the above change. I'll save the other changes for 1.2.

Comment 10 Bug Zapper 2011-06-01 15:20:51 UTC
This message is a reminder that Fedora 13 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 13.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '13'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 13's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 13 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 11 Bug Zapper 2011-06-27 19:05:19 UTC
Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.