[
https://issues.apache.org/jira/browse/MJAVADOC-669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17261436#comment-17261436
]
Thorsten Glaser edited comment on MJAVADOC-669 at 1/11/21, 5:20 PM:
--------------------------------------------------------------------
[~michael-o] done:
{quote}We will review your report and have assigned it an internal review ID :
9068511.
{quote}
This is now [https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8259530]
except they broke my nōn-ASCII characters…
{quote}Depending upon the completeness of the report and our ability to
reproduce the problem, either a new bug will be posted, or we will contact you
for further information.
{quote}
Note that it is preferable to have the +nōn-minified+ form there. Whether the
minified form is present and/or used is not as important, but the nōn-minified
form is the one that allows properly auditing what goes on. (I believe that
javadoc JARs can skip the minified form and use _only_ the nōn-minified one, as
they are not typically served over the network, and the files are
PKZIP-compressed anyway.) This stance is probably mandated by Open Source
distribution policies as well.
So, if you’re going to delete one, delete the _minified_ one, as it’s an opaque
binary.
I don’t mind having both too much, but having two copies of (the nōn-minified)
jQuery is still redundant ☺
was (Author: mirabilos):
[~michael-o] done:
{quote}We will review your report and have assigned it an internal review ID :
9068511. Depending upon the completeness of the report and our ability to
reproduce the problem, either a new bug will be posted, or we will contact you
for further information.
{quote}
Note that it is preferable to have the +nōn-minified+ form there. Whether the
minified form is present and/or used is not as important, but the nōn-minified
form is the one that allows properly auditing what goes on. (I believe that
javadoc JARs can skip the minified form and use _only_ the nōn-minified one, as
they are not typically served over the network, and the files are
PKZIP-compressed anyway.) This stance is probably mandated by Open Source
distribution policies as well.
So, if you’re going to delete one, delete the _minified_ one, as it’s an opaque
binary.
I don’t mind having both too much, but having two copies of (the nōn-minified)
jQuery is still redundant ☺
> Generated javadoc JARs contain jQuery and other MIT-licenced works without
> reproducing a copy of the MIT licence, same for GPL-licenced works
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: MJAVADOC-669
> URL: https://issues.apache.org/jira/browse/MJAVADOC-669
> Project: Maven Javadoc Plugin
> Issue Type: Bug
> Components: javadoc
> Affects Versions: 3.2.0
> Reporter: Thorsten Glaser
> Priority: Blocker
> Labels: legal, licensing
>
> A javadoc JAR generated by the Maven Javadoc Plugin 3.2.0 contains multiple
> components under the MIT licence:
> * jQuery 3.5.1
> ** {{jquery/external/jquery/jquery.js}}
> ** {{jquery/jquery-3.5.1.js}} (duplicate of the above, blowing up the PKZIP
> archive size of the JAR, why is it included like this?)
> * JSZip 3.2.1
> ** {{jquery/jszip/dist/jszip.js}}
> ** {{jquery/jszip-utils/dist/jszip-utils-ie.js}}
> ** {{jquery/jszip-utils/dist/jszip-utils.js}}
> * jQuery UI 1.12.1
> ** {{jquery/jquery-ui.css}}
> ** {{jquery/jquery-ui.js}}
> ** {{jquery/jquery-ui.structure.css}}
> * and their respective minified versions
> It also contains {{script.js}} and {{search.js}} which are
> GPLv2-with-Classpath-exception-licenced and refer to “as provided by Oracle
> in the LICENSE file that accompanied this code” but no such file accompanies
> said code.
> There are also multiple static {{resources}} and {{jquery/images}} whose
> licence is not documented.
> The MIT licence specifically *requires* that “The […] copyright notice and
> this permission notice [the licence body] shall be included in all copies or
> substantial portions of the Software.” The distribution PKZIP archives (JAR
> files) created by the Maven Javadoc Plugin violate this licence, making them
> not redistributable.
> Similarily, the GPLv2 used by the Oracle-provided files *requires* that
> redistributors “give any other recipients of the Program a copy of this
> License along with the Program.” The “if not, write to the Free Software
> Foundation” comment is specifically *not sufficient* for this and only
> provided as fallback should distributors violate this clause, as Maven
> Javadoc Plugin-generated PKZIP archives do. To be effective, the Classpath
> exception must also be provided.
> h2. Suggested fix
> Include the following new files:
> * {{jquery/LICENCE}} containing the MIT licence and all respective copyright
> notices for the various jQuery-related projects (including those _they_
> include, i.e. Sizzle, widget.js, position.js, keycode.js, unique-id.js,
> widgets/autocomplete.js, widgets/menu.js, pako, and possibly others)
> * {{js/LICENSE}} (creating a new subdirectory) containing the Classpath
> exception as provided by Oracle
> * {{COPYING}} or {{js/COPYING}} (this being the customary name for this
> file) containing the verbatim text of the GNU GPL version 2
> * Ideally, add a top-level {{LICENCE}} file pointing out those three and
> briefly documenting the licence of all other non-generated files and state
> all other files are generated from the original project and share its licence
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
