Do we need to include any new licenses when we ship the new v8 inspector?

[MylesBorins]

It does not appear that v8_inspector has a LICENSE but some of the vendored deps do including:

• jinja2
• markup_safe

I do not believe we will have to as both of these appear to be build tools, but I'm not entirely sure and wanted to play it safe.

@ofrobots is there anything we should know license wise before shipping?

@mikeal thoughts?

/cc @nodejs/tsc

[ofrobots]

v8_inspector is extracted from Blink (license). We can add a LICENSE file to it (/cc @pavelfeldman).

jinja2 and markup_safe are build time dependencies.

[rvagg]

If you look in license-builder you'll see a section at the bottom for build tools, jinja2 and markup_safe can go there. Being able to pull LICENSE files in some form for both of these as well as v8_inspector in-tree would be ideal. Currently we only have to go out of tree for punycode and we can't properly match version for that when we do so it's not ideal.

[jasnell]

@ofrobots ... can you verify that neither jinja2 or markup_safe insert any of their own licensed boilerplate or template code into the generated output during build time? If they do, then we may still need to include mention of those bits in the license file.

[ofrobots]

@jasnell jinja2 (website) is a simple python template engine (similar to handlebars or mustache). It is used to generate protocol files for v8_inspector. markup_safe is a dependency of jinja2.

Here's an example template file Backend_h.template that gets expanded to a C++ file Backend.h, or you can check out/Release/obj/gen/blink/platform/inspector_protocol/Backend.h after a Node build. As you can see no license boilerplate is being added.

[jasnell]

Awesome. Thank you!
On Jun 3, 2016 4:16 PM, "Ali Ijaz Sheikh" [email protected] wrote:

@jasnell https://github.com/jasnell jinja2 (website
http://jinja.pocoo.org/docs/dev/) is a simple python template engine
(similar to handlebars or mustache). It is used to generate protocol files
for v8_inspector. markup_safe is a dependency of jinja2.

Here's an example template file Backend_h.template
https://github.com/nodejs/node/blob/d0151695a7a5504115dd3feb4ffac7557e9e31b2/deps/v8_inspector/platform/inspector_protocol/Backend_h.template
that gets expanded to a C++ file Backend.h
https://gist.github.com/ofrobots/ed138b69f8602640c04fa4d088c4e160, or
you can check
out/Release/obj/gen/blink/platform/inspector_protocol/Backend.h after a
Node build. As you can see no license boilerplate is being added.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#7123 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/AAa2eSGE3UVZ_aqFV5uJ_2Bc8h1uZGMBks5qILXKgaJpZM4ItHk8
.

[richardlau]

This issue hasn't been resolved but the inspector shipped in Node.js v6.3.0.

Given that Blink's license is not the same as Node.js' primary license the v8_inspector really should have its own LICENSE since some of the source files say

// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

and at present there is no LICENSE in deps/v8_inspector.

[richardlau]

With regards to dependencies

• deps/v8_inspector/deps/jinja2/ext/jinja.el is GPL:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;;; Commentary:
;;
;; Mostly ripped off django-mode by Lennart Borgman.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; This program is free software; you can redistribute it and/or
;; modify it under the terms of the GNU General Public License as
;; published by the Free Software Foundation; either version 2, or
;; (at your option) any later version.
;;
;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
;; General Public License for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with this program; see the file COPYING.  If not, write to
;; the Free Software Foundation, Inc., 51 Franklin Street, Fifth
;; Floor, Boston, MA 02110-1301, USA.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

• deps/v8_inspector/deps/wtf/wtf/PtrUtil.h is LGPL:

 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Library General Public
 *  License as published by the Free Software Foundation; either
 *  version 2 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library General Public License for more details.
 *
 *  You should have received a copy of the GNU Library General Public License
 *  along with this library; see the file COPYING.LIB.  If not, write to
 *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 *  Boston, MA 02110-1301, USA.

• What is deps/v8_inspector/deps/wtf? There's no LICENSE and a less than helpful README.

[bnoordhuis]

What is deps/v8_inspector/deps/wtf?

A utility library also used by other projects (WebKit uses it, as does Mozilla.)

I'm a bit surprised to see LGPL code in there. @ofrobots?

[pavelfeldman]

What is deps/v8_inspector/deps/wtf?

It should not be LGPL, I'll fix it. But more importantly, v8_inspector/deps/wtf is not a part of upstream, so this whole folder should not be there. PlatformWTF.h should have inlined compatibility layer declarations for wtf. I filed crbug.com/627114 upstream to track the inlining.

[EDIT:ofrobots: fix link]

[ofrobots]

The deps/v8_inspector directory is a gathering of external dependencies, and no original content other than the README.md file (which documents this).

• jinja and markupsafe are build time only tools.
• code in deps/v8_inspector/platform/ tracks upstream repositories 1 and 2 which are subsets of the Blink (a fork of WebKit, still called WebKit in the chromium source). Note that the Blink license file has recently (3) merged with the chromium license 4. Note: I am not a lawyer.

[pavelfeldman]

What is deps/v8_inspector/deps/wtf?

Ouch. It should have been inlined in PlatformSTL.h (for node) and it was, the deps/wtf is not used and should have been removed. We only pick two folders (inspector_protocol and v8_inspector) from upstream and don't add anything else into the build.

[ofrobots]

Ouch. It should have been inlined in PlatformSTL.h (for node) and it was, the deps/wtf is not used and should have been removed.

This is my bad. #7302 should have deleted deps/wtf as part of restructuring. I will do so in PR soon.

[mhdawson]

So from what I understand wtf will be removed so the remaining concern would be deps/v8_inspector/deps/jinja2/ext/jinja.el.

From earlier comments it sounds like it is only used to generate files from templates, which don't include the licence, and only these new files are used to create what is part of the delivered node packages. The result being that none of the files with the GPL license are "shipped" as part of the Node.js deliveries. @ofrobots is this correct ?

[bnoordhuis]

jinja.el is an emacs syntax highlighting script. It's not used and can be removed without harm.

[ofrobots]

Yes, deps/wtf will be removed in the next roll (I'm working on this). The jinja.el script is neither used in the build nor shipped as part of a node distribution.

[MylesBorins]

@ofrobots when do you expect the next roll to come in? Is it safe to assume that it should resolve all licensing concerns?

[ofrobots]

These are the concerns that I am aware of:

• The files deps/wtf should not be included in the source. PR: deps: v8_inspector no longer depends on wtf #7751.
• It would be good to include a LICENSE file to go along with the v8_inspector and inspector_protocol dependencies. Solution: We have gotten blessing to include a LICENSE file in this intermediate repository. We will have to go back to picking up the source from the intermediate repo. Eugene and I are working on this; expect a PR early next week as changes are needed upstream. PR: deps: update v8_inspector #7796.
• Remove jinja.el to make life simple. I can do this along with/after the update of v8_inspector above. deps: update v8_inspector #7796.