It looks for license metadata in the following forms: 
https://www.gnu.org/software/librejs/free-your-javascript.html 
<https://www.gnu.org/software/librejs/free-your-javascript.html>


> On Feb 22, 2018, at 12:50 PM, Narcis Garcia <informat...@actiu.net> wrote:
> 
> It seems a crazy strategy.
> If GNU distributions used this kind of analysis instead of trusting
> software from subscribed repositories, all our computers could be a
> jungle (either with scripts and compiled files).
> 
> How does LibreJS check an script's license?
> 
> 
> El 22/02/18 a les 18:43, Ivan Zaigralin ha escrit:
>> From what I can pick up, LibreJS tries to detect and whitelist "trivial" 
>> code 
>> first, meaning, the code which an algorithm can recognize as data-like and 
>> harmless. For all other code, it checks the license. I don't have details on 
>> how these things are done, but both can clearly be programmed in a variety 
>> of  
>> ways.
>> 
>> On Thursday, February 22, 2018 10:57:28 Narcis Garcia wrote:
>>> I was asking about the CURRENT principle for LibreJS, not for "good" or
>>> "bad" of theoretically prossibilities.
>>> 
>>> El 22/02/18 a les 09:35, Ivan Zaigralin ha escrit:
>>>> On Thursday, February 22, 2018 08:43:38 Narcis Garcia wrote:
>>>>> Which is the principle for LibreJS to approve JavaScript functions
>>>>> and/or files?
>>>>> A license mention?
>>>> 
>>>> Can be regarded as necessary, but not sufficient.
>>>> 
>>>>> A signature?
>>>> 
>>>> Useful for creating a trust model between users and web parties, but this
>>>> is already implemented by https+noscript, and it solves a different
>>>> problem, not directly freedom-related.
>>>> 
>>>>> A well-known functions comparison? A code analysis? It replaces funcions?
>>>> 
>>>> A code analysis is pointless. Detecting obfuscated code, in particular, is
>>>> an intractable problem. If you could define "obfuscated" formally,
>>>> chances are, there would be a formal proof that the detection is
>>>> unsolvable by a TM. But generally speaking, a good way to obfuscate is by
>>>> writing a virtual assembly interpreter, and then feeding it "binaries"
>>>> which appear to be perfectly cromulent, poetic even, JavaScript sources.
>>>> And obfuscated code cannot be considered free.
>>>> 
>>>> None of this is purely academic. Dynamic, obfuscated JavaScript bitcash
>>>> miners are all the rage right now. This is where we are today.
>>>> 
>>>> 
>>>> 
>>>> --
>>>> http://gnuzilla.gnu.org
>>> 
>>> --
>>> http://gnuzilla.gnu.org
>>> 
>>> 
>>> --
>>> http://gnuzilla.gnu.org
> 
> --
> http://gnuzilla.gnu.org
> 

--
http://gnuzilla.gnu.org

Reply via email to