Arggh, I didn't want to hear this... Can't you configure groovy as to limit its radius of action to FreeMind internals? Possibly as an option, but per default...
And I know that per default, you are asked to accept Groovy scripts, but I don't think it's enough: Groovy scripts are useful so people will press OK without thinking, or will disable the question... until we get our first FreeMind macro virus, and I wouldn't want to be the one responsible for this. So, I want that we reconsider the decision to ship a groovy engine able to wipe out our users' disk by just opening a FreeMind file and pressing an OK key. Thanks, Eric Christian Foltin said: > Hi Eric, > > well, with groovy, you are able to format the hard disk inmediately. Even > without any sun bug... > > Yours, Chris > > -------- Original-Nachricht -------- >> Datum: Mon, 3 Mar 2008 09:11:20 +0100 (CET) >> Von: "Eric Lavarde - FreeMind" <[EMAIL PROTECTED]> >> An: [email protected] >> Betreff: Re: [Freemind-developer] 0.8.1 min Java included > >> Hi Chris, >> >> thinking it over, I still see two points against packaging Java: >> >> 1. Security is one side, bugs are another, you still need to repackage >> if >> a Java bug impacts FreeMind. >> >> 2. Back to security: especially given the fact that we've now got a >> scripting engine, FreeMind is also a security issue entry (think about >> Word documents with macros) and as such, we need to be careful. >> >> This said, it's not a strong opposition, and as long as I don't need to >> package or support such a thing on Linux, you are free to do it :-) >> >> And again, I don't think any license issue speaks against it. Java 7 >> being >> under GPL, it's another story, theoretically, we would need as well to >> offer all the sources, but it's the same issue for all GPL libraries we >> already use. >> >> Cheers, Eric >> >> Christian Foltin (GMX) said: >> > Hi, >> > >> > ad 2: well, with an embedded java, this jvm is only used for FreeMind. >> > Thus, the need for security updates is not so big, is it? >> > >> > And moreover, I'm seeing into the future, when Jre7.0 gets open >> source. >> > Then, there would be no problem at all. >> > >> > Well, let's see. >> > >> > Chris >> > >> > Eric Lavarde schrieb: >> >> Hi, >> >> >> >> I'm not really happy either with the idea to bundle FreeMind with >> Java: >> >> >> >> 1. not because of the licensing reasons, my understanding was always >> >> that GPL is about linking and not bundling: >> >> >> >> "In addition, mere aggregation of another work not based on the >> Program >> >> with the Program (or with a work based on the Program) on a volume of >> >> a storage or distribution medium does not bring the other work under >> >> the scope of this License." >> >> >> >> 2. but because we carry the responsibility in terms of security >> updates. >> >> Sun brings rather often security updates and we would have to >> generate >> a >> >> new release each time. >> >> >> >> I would rather see an installer checking for the existence of Java >> (with >> >> a correct version), and warn the user if it's missing, opening on >> >> request a browser with the java download URL. >> >> >> >> Eric >> >> >> >> Dan Polansky wrote: >> >> >> >>> Dear Chris, >> >>> >> >>> as promised, I have now posted the zip with updated Windows >> launchers, >> >>> one taking Java from "jre/bin/javaw.exe", into the following patch: >> >>> >> >>> >> http://sourceforge.net/tracker/index.php?func=detail&aid=1361629&group_id=7118&atid=307118 >> >>> >> <http://sourceforge.net/tracker/index.php?func=detail&aid=1361629&group_id=7118&atid=307118> >> >>> >> >>> I have created a documentation page about the Windows launcher: >> >>> >> >>> http://freemind.sourceforge.net/wiki/index.php/Windows_launcher >> >>> >> >>> >> >>> As regards licensing: In an email that you have sent to me and that >> I >> >>> am >> >>> quoting below, you have referred me to two open source projects that >> >>> bundle Java into their installers. I have added them into the wiki: >> >>> >> >>> http://freemind.sourceforge.net/wiki/index.php/Licensing >> >>> >> >>> However, the first project does not have a pure GPL; they have >> modified >> >>> it to make it possible to link with non-free code. >> >>> >> >>> The second project does not state their license on their web page; >> that >> >>> they have GPL follows from their entry in their SourceForge project >> >>> page. There is no evidence that the other project knows what they >> are >> >>> doing. >> >>> >> >>> I see no evidence that bundling FreeMind, licensed under pure GPL >> V2+, >> >>> with Java is legally correct. >> >>> >> >>> Best regards, >> >>> Dan >> >>> >> >>> >> >>> Chris wrote: >> >>> >> >>> Hi Dan, >> >>> >> >>> you requested to find open source with java included. Here are >> two >> >>> of them: >> >>> http://www.mondobeyondo.com/projects/stopmojo/ >> >>> http://tiffanys.sourceforge.net/ >> >>> >> >>> Both on sourceforge. >> >>> >> >>> Do you still remember to create the different exe for me? >> >>> >> >>> Thanks, >> >>> >> >>> Chris >> >>> -- >> >>> >> >>> >> >>> On Mon, Feb 18, 2008 at 8:43 PM, Dan Polansky >> <[EMAIL PROTECTED] >> >>> <mailto:[EMAIL PROTECTED]>> wrote: >> >>> >> >>> Dear Chris, >> >>> >> >>> okay; I will create the exe in any case, regardless of the >> opened >> >>> licensing issue. This I will do no sooner than on the coming >> >>> weekend. >> >>> >> >>> But as regards licensing, IMHO we should proceed in a >> risk-averse >> >>> way, and consider such a bundling a license violation, unless >> >>> clearly demonstrated otherwise. My concern is not that we >> violate >> >>> Sun's license; my concern is that we violate FreeMind's GNU GPL. >> >>> >> >>> I prefer hard facts to speculation. And I prefer to rely on the >> >>> thought and experience of a multitude of other people, those who >> >>> are >> >>> experienced or if possible expert, if available. Do you know of >> any >> >>> other open source software licensed under GNU GPL that contains >> >>> Java >> >>> bundled? >> >>> >> >>> I understand that FreeMind needs Java. FreeMind also needs an >> >>> operating system, some of which are proprietary. The key point >> is >> >>> *bundling*, not *need*, from what I understand. >> >>> >> >>> Best regards, >> >>> Dan >> >>> >> >>> >> >>> >> >>> On Feb 18, 2008 8:25 PM, Christian Foltin (GMX) >> >>> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> >> wrote: >> >>> >> >>> Hi Dan, >> >>> >> >>> beside the licensing, do you still create the .exe for me? >> The >> >>> packaging needs some time to be created. >> >>> Moreover, remember, that every user of FreeMind needs Java >> to >> >>> execute FreeMind. >> >>> And it is only the question, if we are allowed to package >> and >> >>> distribute the java with our proprietary program. >> >>> We can' t claim, that the result is GPL (at least not for >> java >> >>> 5+6, java7 is gpl, but not available AFAIK). >> >>> >> >>> Perhaps, consider >> >>> http://www.debian.org/doc/manuals/debian-java-faq/ >> >>> >> >>> Best regards, Chris >> >>> >> >>> Dan Polansky schrieb: >> >>> >> >>>> Dear Chris, >> >>>> >> >>>> I think it should be possible for me to make it tomorrow to >> >>>> produce a version of FreeMind.exe that takes the Java >> runtime >> >>>> from a specific directory. >> >>>> >> >>>> But what I see as an issue is the licensing of Java >> runtime. >> >>>> Though I have already devoted some attention to copyright >> >>>> issues, I am still a non-expert. FreeMind is licensed under >> >>>> GNU GPL; bundling with it something that has not an open >> >>>> source license seems highly risky of copyright violation. >> >>>> >> >>>> Unless we have a clear evidence that there are no licensing >> >>>> issues, we should avoid bundling with FreeMind anything >> >>>> without a license compatible with GNU GPL. >> >>>> >> >>>> Best regards, >> >>>> Dan >> >>>> >> >>>> >> >>>> On Feb 16, 2008 10:41 PM, Christian Foltin (GMX) >> >>>> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> >> >>>> wrote: >> >>>> >> >>>> Dear Dan, >> >>>> >> >>>> this will cost you at least a couple of beer ;-) >> >>>> >> >>>> Dan, I want to publish an installer version including >> the >> >>>> java runtime: >> >>>> FreeMind-0-8-1-max-Java-included, too. What do you >> think? >> >>>> From the license of the runtime, it should be possible >> >>>> (see below). >> >>>> >> >>>> >> >>>> I would need your help in creating a freemind.exe that >> >>>> takes a java.exe >> >>>> from a subdirectory jre/bin/java.exe. >> >>>> Can you supply such an exe, soon? >> >>>> >> >>>> Regards, >> >>>> >> >>>> Chris >> >>>> >> >>>> >> >>>> >> ======================================================================= >> >>>> Redistribution of the J2SE Runtime Environment >> >>>> >> ======================================================================= >> >>>> >> >>>> >> -------------------------------------------------------- >> >>>> NOTE - The license for this software does not allow >> >>>> the >> >>>> redistribution of beta and other pre-release >> versions. >> >>>> >> -------------------------------------------------------- >> >>>> >> >>>> Subject to the terms and conditions of the Software >> >>>> License >> >>>> Agreement and the obligations, restrictions, and >> >>>> exceptions set >> >>>> forth below, You may reproduce and distribute the >> Software >> >>>> (and >> >>>> also portions of Software identified below as >> >>>> Redistributable), >> >>>> provided that: >> >>>> >> >>>> (a) you distribute the Software complete and unmodified >> >>>> and only >> >>>> bundled as part of Your applets and applications >> >>>> ("Programs"), >> >>>> >> >>>> (b) your Programs add significant and primary >> >>>> functionality to the >> >>>> Software, >> >>>> >> >>>> (c) your Programs are only intended to run on >> Java-enabled >> >>>> general >> >>>> purpose desktop computers and servers, >> >>>> >> >>>> (d) you distribute Software for the sole purpose of >> >>>> running your >> >>>> Programs, >> >>>> >> >>>> (e) you do not distribute additional software intended >> to >> >>>> replace >> >>>> any component(s) of the Software, >> >>>> >> >>>> (f) you do not remove or alter any proprietary legends >> or >> >>>> notices >> >>>> contained in or on the Software, >> >>>> >> >>>> (g) you only distribute the Software subject to a >> license >> >>>> agreement >> >>>> that protects Sun's interests consistent with the >> terms >> >>>> contained in this Agreement, and >> >>>> >> >>>> (h) you agree to defend and indemnify Sun and its >> >>>> licensors from >> >>>> and against any damages, costs, liabilities, >> settlement >> >>>> amounts >> >>>> and/or expenses (including attorneys' fees) incurred >> in >> >>>> connection with any claim, lawsuit or action by any >> >>>> third party >> >>>> that arises or results from the use or distribution >> of >> >>>> any and >> >>>> all Programs and/or Software. >> >>>> >> >>>> The term "vendors" used here refers to licensees, >> >>>> developers, and >> >>>> independent software vendors (ISVs) who license and >> >>>> distribute the >> >>>> J2SE Runtime Environment with their programs. >> >>>> >> >>>> Vendors must follow the terms of the J2SE Runtime >> >>>> Environment Binary >> >>>> Code License agreement. >> >>>> >> >>>> >> >>>> >> >>> >> >>> >> ------------------------------------------------------------------------ >> >>> >> >>> >> ------------------------------------------------------------------------- >> >>> This SF.net email is sponsored by: Microsoft >> >>> Defy all challenges. Microsoft(R) Visual Studio 2008. >> >>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> >>> >> >>> >> >>> >> ------------------------------------------------------------------------ >> >>> >> >>> _______________________________________________ >> >>> Freemind-developer mailing list >> >>> [email protected] >> >>> https://lists.sourceforge.net/lists/listinfo/freemind-developer >> >>> >> >> >> >> >> >> >> ------------------------------------------------------------------------- >> >> This SF.net email is sponsored by: Microsoft >> >> Defy all challenges. Microsoft(R) Visual Studio 2008. >> >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> >> _______________________________________________ >> >> Freemind-developer mailing list >> >> [email protected] >> >> https://lists.sourceforge.net/lists/listinfo/freemind-developer >> >> >> >> >> > >> ------------------------------------------------------------------------- >> > This SF.net email is sponsored by: Microsoft >> > Defy all challenges. Microsoft(R) Visual Studio 2008. >> > >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________ >> > Freemind-developer mailing list >> > [email protected] >> > https://lists.sourceforge.net/lists/listinfo/freemind-developer >> > >> >> >> -- >> Eric de France, d'Allemagne et de Navarre >> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2008. >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> _______________________________________________ >> Freemind-developer mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/freemind-developer > > -- > GMX startet ShortView.de. Hier findest Du Leute mit Deinen Interessen! > Jetzt dabei sein: http://www.shortview.de/[EMAIL PROTECTED] > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Freemind-developer mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/freemind-developer > > -- Eric de France, d'Allemagne et de Navarre ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Freemind-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/freemind-developer
