On Fri, Jan 17, 2014 at 02:44:52PM +0100, Stanislav Ochotnicky wrote:
JavaScript Guidelines[1] about compilation/minification don't mention
source RPMs at all. Someone suggested that if we ship pre-compiled
javascript in a source rpm (even if we don't then ship it in binary
RPMs) we are not fulfilling the open source definition[2]
More specifically this part:
"The source code must be the preferred form in which a programmer would
modify the program. Deliberately obfuscated source code is not
allowed. Intermediate forms such as the output of a preprocessor or
translator are not allowed."
In essence:
Is it enough to just remove minified/obfuscated js in %prep/%build to make
sure we are not using pre-built version or do we have to remove it from
the tarball so that we don't ship such compiled versions even in SRPMs?
Above is especially important for GPL-licensed JS libraries, but even
more permissive licenses could run afoul of Fedora "Freedom" foundation
I guess.
We assume minified JavaScript is the equivalent of a binary or object
code for purpose of copyleft licenses like the GPL, so in those cases
by default either we shouldn't be shipping the upstream minified
version without there also being what we reasonably believe to be the
non-minified version, or we need to scrutinize the case more closely.
Beyond those cases I don't think this is a legal issue but a Fedora
packaging guidelines issue.
- RF