Solution

• Use the Bootstrap JavaScript library as delivered by bootScore
• Use the JavaScript libraries as delivered by WordPress
• Create a table containing the JavaScript compliance information
• For each JavaScript library delivered by bootScore or WordPress create a respective row in your JS table.
• Embed this table into your Open Source Compliance Page
• Make this Open Source Compliance Page accessible by the footer of your pages

Background

bootSCore contains some JS components. For example, its own unfolded JavaScript libraries¹ — implicitly licensed under the MIT license but without any explicit licensing statement — and the minified Bootstrap JavaScript library² — explicitly licensed under the MIT by a respective licensing statement. But none of them contain the license text itself.

Also, WordPress brings with it some own and some minified 3rd party JavaScript libraries³, like the jQuery library⁴ that is licensed under the MIT and contains a respective licensing statement, but does not cover the license text itself. Regardless, of whom the site owner has got these libs — from bootScore or WordPress -, eventually it is she who has to fulfill the license requirements because it is her system that distributes the JavaScript libraries to her readers.

But what is actually the challenge?

Like the JavaScript libraries of Bootstrap and jQuery, most JS libraries are MIT licensed. It requires that the copyright line and the license text are distributed together with the open-source program. “The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.“⁵

For (L|A)GPL-licensed JavaScript libraries it is nearly the same. These licenses permit the distribution of the source code “provided that one conspicuously and appropriately publishes on each copy an appropriate copyright notice and disclaimer of warranty […] and gives any other recipients of the Program a copy of this License along with the Program”.⁶

So, we see a contradiction between the claim of the licenses and the everyday practice. On the one side, a browser not only loads down the page text (HTML) but also the JavaScript library. This download distributes the code and hence triggers the necessity to fulfill the open-source license requirements. On the other side, usually, the compressed libraries — although as a package often offered by the authors — no longer contain the required license information: the smaller the libs, the faster the machine can display the site using that libs.

As site owners, we have two options to deal with this challenge. Either we subsequently (and (semi) manually) heal the packages we implicitly have taken over by using WordPress and bootScore. Or we use them as we’ve got them. It’s clear: Healing would imply that we redo that job whenever we update WordPress or bootScore. So, we tend to go the other way.

The solution is this:

Whenever developers decide to distribute minified JavaScript libraries, they also assume that their ‘customers’ use their work in that version. That is a reasonable assumption. So, we may derive that they implicitly permit that kind of use even if it violated the license they’ve chosen. Nevertheless, we should offer our users another option to get the required information. A substitute for bundling the license text, the copyright information, etc. with the JavaScript libraries themselves. However, we must take care only to include the minified JavaScript libraries the developers themselves have provided. In the case of the Bootstrap-JS-Lib in bootScore and the Jquery-JS-Lib etc. in WordPress, we may assume that they did so.

If we apply this process to our 3rd. party JS libraries, we have a strong argument for our position in case of a legal dispute — I’ve never heard of one — and we’re in good company: Even the FSF is proposing to do so.⁷ And the FSF really doesn’t have a reputation for taking license compliance lightly.

And in what way is this …

… part of the overarching topic FOSS Compliance? For fulfilling the requirements of FOSS licenses, we have to consider specific individual cases as well as side effects — for software, pictures, or documents. We should unhide trends and write guidelines. Above all, however, we must drive forward the automation of license fulfillment, make our licensing knowledge freely available, cast it into smaller tools, and bring it into larger systems: Because FOSS thrives on freedom through license fulfillment, large and small. That’s what also this article is about.

1. cf. ./bootscore/js/theme.js
2. cf. ./bootscore/js/lib/bootstrap.bundle.min.js
3. cf. https://codex.wordpress.org/Javascript_Reference respectively ./wp-includes/js
4. cf. wp-includes/js/jquery/
5. cf. MIT License
6. pars pro toto cf. GPL‑2.0. Additionally, the (A)GPL requires that we license our code that uses the (A)GPL-licensed library, etc. also under the (A)GPL (copyleft effect). But that’s not the point in this context.
7. cf. https://www.gnu.org/licenses/javascript-labels.html, https://www.gnu.org/licenses/javascript-labels-rationale.html, and https://www.iusmentis.com/computerprograms/opensourcesoftware/license-notices-web-applications

The post Using JavaScript Compliantly appeared first on FODINA 4 FOSS.