Bug #3891

non-free file "WebSocketMain.swf"

Added by Dmitry Smirnov over 5 years ago. Updated over 5 years ago.

Status:ClosedStart date:07/27/2015
Priority:HighDue date:
Assignee:-% Done:

0%

Category:Sunstone
Target version:-
Resolution:invalid Pull request:
Affected Versions:OpenNebula 4.12

Description

`src/sunstone/public/bower_components/no-vnc/include/web-socket-js/WebSocketMain.swf`
is pre-built, source-less and non-free (because it needs to be built using non-free Flex 4 SDK).

Please remove `WebSocketMain.swf` file.


Related issues

Duplicates Backlog #3853: minified javascripts Closed 06/27/2015

History

#1 Updated by Daniel Molina over 5 years ago

  • Status changed from Pending to Closed
  • Resolution set to invalid

In 4.14 external JS libraries are no longer included in the code and must be downloaded using bower.

#2 Updated by Dmitry Smirnov over 5 years ago

I'm talking about release tarball (downloadable from https://github.com/OpenNebula/one/releases).

It is a disaster if 3rd party components needs to be downloaded using bower because downloading is not possible in Debian build environment (not to mention that bower is not available in Debian as far as I'm aware).

I believe it will be best to include all necessary components into tarball but make sure they are FLOSS-compliant.

I think you seriously misunderstand the problem if you think it is OK to install non-free component(s) in order to use Opennebula.
The point is to use only free components and avoid non-free dependencies (bundled or download-able)...

#3 Updated by Carlo Daffara over 5 years ago

It is not correct to say that it is non-free, as the source is released under the new BSD license. The Flex environment itself has been open sourced in 2011 and is now managed by the Apache foundation at http://flex.apache.org/ and is Apache v2 Licensed.

#4 Updated by Dmitry Smirnov over 5 years ago

Carlo, there are few problems and incorrect assumptions here:

  • `WebSocketMain.swf` included to Opennebula One 4.12.3 is a pre-built binary -- its source code is nowhere to be found in the release tarball.

Source-less binaries (sometimes called "binary blobs") are non-free because they are not human-readable and not modifiable.

From Debian prospective, binary is non-free if it have no source code and/or it can't be re-built from source using software from "main" repository.

As I recall there were problems like incomplete source code or essential dependencies on non-free components preventing Flex from building from sources.

I see that Apache Flex is apparently alive (so there might be little hope that some problems were addressed) but Flash is an obsolete technology anyway so I doubt that packaging it would worth the effort...

#5 Updated by Carlo Daffara over 5 years ago

I commented on the general definition of "non-free", of course Debian has a more restrictive one (not that I complain to that).
From what I recall in my past lurker at Debian packages, the problem is not legal but merely the unavailability of a packager. The flex debugger was not necessary anymore from a long time on both Windows and Linux for doing builds; and the problems related to the need of Cygwin have been solved since 2013. The last offer for a packager for debian is from september 2014, so I guess it's more an interest/time available problem than a licensing one.
So, I agree that Debian misses a Flex package to build WebSocketMain.swf, and this makes it "non-free" for Debian, but not in a general licensing sense.
I'm pedantic, sorry :-)

#6 Updated by Daniel Molina over 5 years ago

Also available in: Atom PDF