[FEAT] Add support for librejs

darin755 commented

2023-10-22 20:58:46 +00:00

Needs and benefits

Currently Forgeio and all sites that use have free JavaScript that isn't recognized by librejs. This is a problem because without the proper licensing tags people don't know there rights to the libre code.

Feature Description

Librejs reads the licenses of JavaScript and blocks those that don't have finable licenses. It finds licenses though licenses embedded in JavaScript or a separate file. Adding this to Forgejo shouldn't be to complex and I am willing to look into doing it.

This issue is mostly to get the options of the community.

Screenshots

No response

### Needs and benefits Currently Forgeio and all sites that use have free JavaScript that isn't recognized by librejs. This is a problem because without the proper licensing tags people don't know there rights to the libre code. ### Feature Description Librejs reads the licenses of JavaScript and blocks those that don't have finable licenses. It finds licenses though licenses embedded in JavaScript or a separate file. Adding this to Forgejo shouldn't be to complex and I am willing to look into doing it. This issue is mostly to get the options of the community. ### Screenshots _No response_

👀 1

darin755 added the

enhancement/feature

label 2023-10-22 20:58:46 +00:00

Gusted commented

2023-10-22 21:07:47 +00:00

Owner

There's https://codeberg.org/assets/js/licenses.txt, which is present in the footer. It contains the license of all javascript & Go dependencies.

darin755 commented

2023-10-23 03:08:56 +00:00

Author

I'll see if I can figure out why it isn't being detected

dachary added the

User Research - feature

User Research - UI

labels 2023-10-27 19:05:19 +00:00

banaanihillo commented

2023-11-04 11:54:17 +00:00

Did anyone pick this up yet? I tried looking for how the license tags work but couldn't figure out if it is not detected due to being minified code or if it was another issue altogether

Gusted commented

2023-11-04 12:53:39 +00:00

Owner

Maybe a issue over on LibreJS should be made, but for what's worth it seems like it once worked with LibreJS but because it's not a format that can be generated it was removed.

Maybe a issue over on LibreJS should be made, but for what's worth it seems like it once worked with LibreJS but because it's not a format that can be generated it [was removed](https://github.com/go-gitea/gitea/issues/11630).

delgh1 commented

2023-12-03 05:38:44 +00:00

Is anyone working on this? I'm not good at these things but would like to see it implemented.

wolftune commented

2023-12-29 22:52:16 +00:00

Note: I and some others are working to evaluate Codeberg for listing at https://www.gnu.org/software/repo-criteria-evaluation.html

Functioning with LibreJS is criterion B0, and resolving this issue will give a passing grade there. I have not investigated whether the best fix involves some work on the LibreJS side, I'm just doing the evaluation of the status quo.

Note: I and some others are working to evaluate Codeberg for listing at https://www.gnu.org/software/repo-criteria-evaluation.html Functioning with LibreJS is criterion B0, and resolving this issue will give a passing grade there. I have not investigated whether the best fix involves some work on the LibreJS side, I'm just doing the evaluation of the status quo.

wolftune referenced this issue from Codeberg/Community

2023-12-30 05:53:43 +00:00

GNU LibreJS detects some unlicensed JS #64

n0toose commented

2023-12-30 13:56:38 +00:00

Member

Functioning with LibreJS is criterion B0, and resolving this issue will give a passing grade there.

I've taken a look at the page before and noticed the absence of Codeberg there, I felt like looking into that LibreJS stuff but it seems like the support got the plug at the Gitea level.

Would LibreJS deem files containing SPDX headers that declare the use of an FSF-approved license or entire repositories (in this case, the latter is very hard) using https://reuse.software (by the FSFE)? What do you define as a passing grade?

> Functioning with LibreJS is criterion B0, and resolving this issue will give a passing grade there. I've taken a look at the page before and noticed the absence of Codeberg there, I felt like looking into that LibreJS stuff but it seems like the support got the plug at the Gitea level. Would LibreJS deem files containing SPDX headers that declare the use of an FSF-approved license or entire repositories (in this case, the latter is very hard) using https://reuse.software (by the FSFE)? What do you define as a passing grade?

👍 1

wolftune commented

2023-12-30 15:35:21 +00:00

Yes, the original GNU repo reviews were done before Codeberg existed I believe, and since then some of the volunteers reviewed SourceHut, and GitLab was updated to failing after passing before (GitLab has gotten worse, more invasive third-party requests, more proprietary, etc). This effort now is the first time for GNU reviewing Codeberg.

For LibreJS to work, the JS needs to be marked as described at https://www.gnu.org/software/librejs/manual/html_node/Setting-Your-JavaScript-Free.html#License-tags

The current file at https://codeberg.org/assets/js/index.js has no appropriate tagging. Somewhere in the file, there is a mention of license with a link to a GitHub repo which happens to show MIT license, but that is only able to be determined by going to the link. I don't understand how that index.js gets to be there for the Codeberg deployment from the Forgejo code.

In order to support LibreJS, any deployed Forgejo instance needs to automatically have the necessary license tags be correct regardless of JS minification or whatever. I know that at one point having a separate file that declared JS licenses worked. LibreJS has been updated though, and I'm really not clear on the details myself, I'm just doing my best to facilitate. I tested Codeberg with LibreJS and found that the JS was blocked because license was not recognized.

Btw, there is an upstream Gitea ticket (though no insights there): https://github.com/go-gitea/gitea/issues/13393

Yes, the original GNU repo reviews were done before Codeberg existed I believe, and since then some of the volunteers reviewed SourceHut, and GitLab was updated to failing after passing before (GitLab has gotten worse, more invasive third-party requests, more proprietary, etc). This effort now is the first time for GNU reviewing Codeberg. For LibreJS to work, the JS needs to be marked as described at https://www.gnu.org/software/librejs/manual/html_node/Setting-Your-JavaScript-Free.html#License-tags The current file at https://codeberg.org/assets/js/index.js has no appropriate tagging. Somewhere in the file, there is a mention of license with a link to a GitHub repo which happens to show MIT license, but that is only able to be determined by going to the link. I don't understand how that index.js gets to be there for the Codeberg deployment from the Forgejo code. In order to support LibreJS, any deployed Forgejo instance needs to automatically have the necessary license tags be correct regardless of JS minification or whatever. I know that at one point having a separate file that declared JS licenses worked. LibreJS has been updated though, and I'm really not clear on the details myself, I'm just doing my best to facilitate. I tested Codeberg with LibreJS and found that the JS was blocked because license was not recognized. Btw, there is an upstream Gitea ticket (though no insights there): https://github.com/go-gitea/gitea/issues/13393

Gusted commented

2023-12-30 16:12:13 +00:00

Owner

There's a generated list of licenses at https://codeberg.org/assets/licenses.txt, that includes all javascript and Go licenses of the used dependencies. I understand from https://www.gnu.org/software/librejs/free-your-javascript.html#step3 that it needs to be formatted in this special HTML format in order to be recognized (with the appropriate linking rel="jslicense" on every page), at one point there was this list but has been removed as it wasn't possible to generate this trough current tooling https://github.com/go-gitea/gitea/issues/11630 and it still seems to be the case.

There's a generated list of licenses at https://codeberg.org/assets/licenses.txt, that includes all javascript and Go licenses of the used dependencies. I understand from https://www.gnu.org/software/librejs/free-your-javascript.html#step3 that it needs to be formatted in this special HTML format in order to be recognized (with the appropriate linking `rel="jslicense"` on every page), at one point there was this list but has been removed as it wasn't possible to generate this trough current tooling https://github.com/go-gitea/gitea/issues/11630 and it still seems to be the case.

wolftune commented

2024-01-23 19:26:44 +00:00

The other practical issue (whether LibreJS specifically recognizes it or not) is facilitating access to the non-minified original source files. It's not enough to have the licenses, the links to the source code is the other piece of the puzzle. Having that would be a big step even if LibreJS still doesn't work.

[FEAT] Add support for librejs #1654

Needs and benefits

Feature Description

Screenshots