Conversation
Notices
-
@arunisaac I know @hannes2peer has complained lots about how sucky/difficult #LibreJS is. It's apparently hard to make it conform to the requirements (and personally I don't see the point, as the problem with JS is security - and that's not solved by just putting JS malware under a !foss license).
I prefer to just make stuff usable without javascript.
- Claes Wallin (韋嘉誠) repeated this.
-
@arunisaac @mmn #LibreJS-compliant #JavaScript is important, because it's currently the only way to verify that code is actually free software. Even if you're a JavaScript expert, you'd otherwise need a way to verify that all the code served to you is free by correlating it with source, and even still it might serve other non-free code with it.
Making sites work without JS is important---I don't enable JS for 99% of the web, period; even free software can do bad things. But if you write JavaScript and I don't have a way to verify that it's free, then you may as well not write it. At the very least, that includes a license header. And if you have a license header, it may as well be LibreJS-compatible.
https://www.gnu.org/software/librejs/free-your-javascript.html
-
#LibreJS afaik also has caveats other than the license header, some bits about how code is run etc and statements that aren't allowed. And so far I've heard problems with people having a hard time figuring out _why_ their code doesn't verify as libre. If it happens to be really easy, I'd happily accept a patch and I guess @hannes2peer too (though last I read he had managed to fix it for !qvitter)
-
@mmn @maiyannah The security risk comes from the indiscriminate running of ephemeral, unsigned, untrusted programs. Yes, recognizing a program as free software isn't a solution in itself---that could be a lie to get around LibreJS, or it could still be doing bad things. So this is nowhere near a solution to that problem.
It's very rare that I actually permit a site to run JavaScript, even if I know it's free. But for those who _do_ want to run JS for a site, should they choose to do so, they should be able to have an idea what parts of it are free, and avoid all the rest.
-
> some bits about how code is run etc and statements that aren't allowed
There's no restrictions on the JS; perhaps you're referring to what it recognizes as "trivial" (and therefore not needing a license)? For example, "trivial" scripts can't define functions.
If it's not working for whatever reason, it's worth asking about it at help-librejs@gnu.org. If it's a bug, then it can be improved upon.
-
@mmn @mikegerwitz @arunisaac *A* problem with browser JS is security. Doesn't make other problems not worth solving.