Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
My website contains :
1.FancyBox (for image overlay)
2.GalleryView (a slider)
and both use JQuery.
They are both free to use, but they insist on their copyright message shown where the work is used.
I'm confused as to where I must show the message.
license message of GalleryView. (Both Fancybox and this are under MIT license I suppose)
Copyright (c) 2009 John Anderson III
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Where am I to show it in my website?
And should I show a separate message for JQuery which I don't directly use?
Let us take a look as developers:
My website contains: 1.FancyBox (for image overlay) 2.GalleryView (a slider) and both use JQuery.
So to speak, if a user visits your website, you offer some software to download. When the user decides to download the software (activate scripts), you provide a copy of the following software:
JQuery - According to the website it is MIT or GPL.
FancyBox - Refers to the same: MIT or GPL.
GalleryView - According to it's LICENSE.txt file, this is MIT
Note: 3. contains third party code with different authors and licenses, mainly BSD-3-Clause as far as I could see, but I did not looked further. I'd say, if you have professional interest in using that library contact the author of that library, ask to correct the licensing information. Permissive licenses like BSD-3-Clause have requirements that need to be matched to gain usage rights. Just saying, I'd say it's common, so nothing to worry, just to take care of.
As one can see with this listing - and ignoring the problems in 3. for a moment - all software is available under free software license, so as you wrote, they are free to use.
But as you have worded it, they "insist on their copyright message shown where the work is used.". Let's pick that part from the BSD-3-Clause license text:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
And from the MIT license text:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
I think this is both pretty clear: When you pass along the software, you should pass along author credits / copyright / the usage terms / license.
Depending on how you deliver the software, you can put these terms inside the source-code and deliver it with the javascript files directly.
If you create binary version of the software (e.g. pack/compress the software), those comments then might be removed. You are still able to add those again on top of the file.
jQuery is pretty generous here btw, for example for the files that are delivered by nobody less than Google Inc., You find this:
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
/*! jQuery v1.7.2 jquery.com | jquery.org/license */
(function(a,b){function cy(a) ...
So Google gives "Credit" by saying what software that file is (jQuery v1.7.2), from where they obtained it from (jquery.com) and they provide the licensing information (jquery.org/license). Legally this might not be enough if you talk with your lawyer, however, in this case I assume this is an accepted procedure by the jQuery project.
But this does not mean that this would be okay for John Anderson III, George McGinley Smith, and Robert Penner (and perhaps Blair Mitchelmore). The later btw. uses the WTFPL License which is considered a joke. It normally is not accepted and raises needless questions, so again, the author who packages up 3. should probably do same as the cloudstack folks did.
A Webmistress' Conclusion
That software we normally link in <script> tags in <head> (and less often <body>) is best distributed packed to spare us needless traffic. That means the source-form of the file is altered and often the comments containing the copyright and licensing information is missing. But often these licenses require us to provide that information.
It looks promising to just make use of another semantic HTML feature to provide copyright information: The copyright link you can place into the head next to script tags:
<link href="contact.html#credits" rel="copyright" title="Licensing Information">
or for the ones of us in the HTML 5 camp:
<link href="contact.html#credits" rel="license" title="Licensing Information">
This is an example providing another hyptertext markup language document that lists the used software and gives its licensing information in human readable form (compare). Please consult the HTML reference of your choice to learn more about the <link> tag.
Hope this is helpful. I don't want to prevent you to go to a lawyer to further clarify this, however, your lawyer might not even add more to this: Credits page, provide license information and a link to that page from every page that links as well the software. What can one want more? And I bet, if you do this, you are one of the more good citizens out there.
IANAL just a software developer, so thank you for asking for feedback, I could have been one of those other developers and naturally I prefer it if somebody asks instead of not doing anything. I would say as a developer: The most important thing is that users of my software learn about the rights they have with the software they use. Thank you for asking how to make that possible!
You're asking legal advice. Use your best judgment, ask a lawyer or contact the copyright holder for their input (probably safest bet).
Related
Im starting a new project. The aim of the project is to create a e-authoring tool for building courses in SCORM Complaint. Im new to this domain and I have little idea on this. I have taken a view on authoring tool in Articulate, which my customer requires to do the same. I understood the content creation, but I am trying to understand How can I export this as SCORM compliant course? In between I learned about xAPI as well And understood it is a kind of enhanced SCORM.
Could any one guide me to understand this,
1) How can create content from my custom authoring tool and export as SCORM complaint
2) Is it better to use xAPI or SCORM.
3) How is the SCORM pacakge communicate with my custom made LMS?
4) Heard about LRS,
My custom authoring tool will be made in React and store would MondDB
Any help would be greatly appreciated. Thankyou!
That is a lot to take on, particularly all at once.
1) The SCORM spec is made up of multiple parts. There is a packaging portion and a runtime portion. The basics are that your package needs to be a zip file, and that zip needs to include specific files that indicate to the LMS what type of standard it is along with other metadata about the package. For SCORM this will be called an imsmanifest.xml file. For xAPI you are most likely going to use a cmi5.xml (see cmi5) or a tincan.xml file (what Articulate Storyline exports when it says "xAPI"). The other parts of the package will depend on what standard and version of that standard (for SCORM 1.2, 2004 2nd, 3rd, or 4th edition) you are targeting, realizing that different LMSs support different standards and different degrees of those standards.
Once you have a package constructed that will import, the content itself (usually an HTML file) will need to locate the JavaScript API provided by the SCORM player (from the LMS) and make specific calls depending on what the content is needing to store or read, this is the runtime portion. The calls will again depend on the standard and version. For xAPI based packages (either tincan.xml packages or cmi5 packages) the content will communicate directly to the LRS based on the information provided on the URL at launch time (there is no built in JavaScript API).
2) This entirely depends on what your customer base looks like and the types of data that you intend to capture. SCORM is a more mature landscape and has wider adoption and is more heavily specified, if the information you need to capture fits into its limited information model then it is still an excellent choice. If you need significant data portability and/or the information you need to capture goes beyond compliance data (pass/fail, complete, and score) and/or interaction data (questions + answers) then you should consider xAPI, specifically via cmi5.
3) The LMS must provide a JavaScript API (specified by the SCORM runtime) which the content will use as its interface. The storage/retrieval of data is implementation specific for the LMS beyond what is included in the specification for the JavaScript API.
4) You didn't really include a question here.
I would suggest familiarizing yourself with the two sets of standards via http://scorm.com and http://xapi.com. And although it is a plug for my company's product, you may want to consider the Rustici Driver as it is a product (library) specifically designed to make it easy for an authoring tool to export content as SCORM 1.2, 2004, AICC, cmi5 or Tin Can (the latter two being xAPI). Once you have your tool up and running with minimal standards support you should consider testing it on Rustici's SCORM Cloud (it is free for this purpose), see http://cloud.scorm.com.
The format is huge, there is no quick reference guides. And different authoring tools have different scorm-support depths. You should probably start with this document
Sounds like you're talking about designing editable content; and the content "framework" itself.
This is a massive effort! This is massive support! That said, people do it.
Having built a CMS system for many supporting subject matters I had to divide and conquer this task.
Few ways I'd think to digest this beast- data, data, data
Requirements on Activities (Interaction types)
Design (static/dynamic) on these interactions
The view/facade displaying can change. Tech moves at the speed of light. Need to come up with a super solid data model.
I'd think about how these can be generic, and how they can be extended to meet the customers goals/needs. All depends how much customization (if any) can happen.
I start mapping all this to SCORM CMI Object level calls. Scoring, Progress, Interactions, Objectives etc...
Get your self a wicked SCORM Content API library or write one yourself. You'll be re-using a lot of these calls, no sense baking them into all your interactions
Get up on SCORM Packaging .. much of this has to be defined at author time. Lots of reading, and a lot of features you need to pick thru if your customers even use. Don't dev in places that have .1% market need. The low hanging fruit get you to market.
Surround yourself with passionate great people. You'll need them.
As far as the standards go, it's all about portability. SCORM works directly with a LMS if thats where your customer goes. Others use a LRS which is coded to work with one they set at author time. You can even do both.
Aside from React and MongoDB, you'll need something that can do the lift and shift of all this content.
I have few thousands packages which contains GPL/APL/BSD license. Currently to identify whether a package contains a GPL license, I am iterating over each package looking for LICENCE file and then checking its contents and matching that with the sample GPL template. I am following heuristic that if matching is greater than 90% then it is GPL license.
if match > 0.9: licence = True
But I don't think this is a correct way to do and also very slow.
So I was thinking, it is possible If I know the values of sha1sum, sha256sum values of all the files present in a package, can this help to identify whether package contains GPL license of not?
For example in my package sha1sum value for LICENCE is:
b7077bddb5a97beca2da00c07cc56b602e2ac6cc LICENCE
So If content of LICENCE will same then the sha1sum value corresponding to it will be same? if thats true then I can identify LICENCE file with sha1sum value. Also Is there a another way to identify LICENCE file in a package?
There are several versions of the GPL, so you would need to check for several of them. Also, some projects do not include the license/copyright file directly but instead say something to the affect of "This project is licensed under GPL v2". So you would find some, maybe even most, but not all of the projects using the GPL (or any other license).
There is no relation at all. SHA-1 is a hash algorithm, which could be used for checking integrity of files or check whether file was tampered with. It doesn't describe information in any way (though, it's possible to use hashes to identify files, so if you know hash of GPL-licensed file, you can calculate hashsum of your file and compare it to see whether it matches).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
I have some closed-source code (written by me) that I'd like to keep for myself.
However I'd like to use some of that code in an open source project - which would also be written exclusively by me, but posted somewhere for anyone to use.
How can I accomplish something like this:
release open source version of code, which is free for anyone to
change, and keep or give back (I believe this is zlib license)
at the same time I'd like to have a version of the code for
myself,
and be able to incorporate any code changes from #1 (if someone
decides to fix up any code I release)
Is this as simple as having two code-trees, with different licenses attached to both? One zlib license, and one my own license?
Note, I'm a bit biased to using zlib license as it is short, and I believe I understand it and agree it is appropriate (I don't mind if someone uses code for commercial purpose).
The first part indeed requires two code trees. If you're using a distributed SCM, like git, mercurial or bazaar, then it wouldn't be too complicated:
One repo is public, open source, let's call it open-foobar
One repo is private, closed source, let's call it enterprise-foobar
In my opinion, it would be better to have the open repository as the main repository (upstream), which the private one forks and extends, but it depends on how much code do you want to keep private. If most of your commits will go into the private project, then it would make sense to make that one your main repository, however this will be harder to manage properly
Your local clone should add both repositories as remotes, and you should have separate local branches tracking branches on one of the two repositories, for example master-open tracks open-foobar/master, while master-enterprise tracks enterprise-foobar/master
You commit new open stuff in the master-open branch, which you push to the open repository
You merge master-open into master-enterprise, meaning that you include all the commits from the open repository in the private one
You commit new private stuff in the master-enterprise branch, which you push to the open repository, making sure that you don't accidentally merge these commits into the master-open branch.
When you want to include private commits into the open version, you can use git cherry-pick <commit-id> to just copy commits without exposing the fact that it comes from the private fork
This workflow is heavily centered on git, but it can be easily adapted to any other SCM system.
For the second part, by default patches from people that aren't paid by you under a contract that explicitly grants you all the copyright on the created code will keep the copyright to the original author of the code. This means that unless they grant you a license to the code, you can't include it in your private fork. Normally, that doesn't even grant you a license to include it in the open source project either, unless somehow mentioned in the license of the project, or in the patch submission process (by clicking the submit button you grant a license...). The Apache license is good here since it explicitly mentions that patches submitted to the project are automatically licensed so that they can be included in the code. I haven't read the zlib license, so I can't say if it has a similar clause or not; if it doesn't be sure to include some text that requires users to agree that they grant you the right to include any patch submission into the open source project under the project's license.
If you also want to include submitted patches into your private project, then you must ask for a copyright license on the code for inclusion in any private derivative of their code. See Wikipedia's article on CLAs for more details and some examples. You could take a look at Project Harmony for some "standard" CLAs.
The Apache group and others require code submitters to "sign" away ownership of any changes. You would need to do the same. Before you accept fixes or enhancements they have to sign the code over.
I am using the LMA (License Management Application) and want to know if it is possible to programmaticaly tell if a user has been licensed for my package.
Imagine if I wanted users of the application to see each other's application specific data - at minimum I would need a list of users that are licensed to use the application.
Is this possible? I want to be able to add code to the package that can be used to make decisions based on whether users have been granted a license seat through the LMA's "Manage Licenses" process.
Update: I've discovered that you can tell if the currently logged in user is licensed via the UserInfo.isCurrentUserLicensed(namespace) method - but so far no way to get a list of all licensed users.
UserInfo.isCurrentUserLicensed(namespace) is the only method related to licensing from apex sadly, there is currently no way to get all licensed users of an application programmatically.
There's an idea for this on the appexchange which it can't hurt to vote for: https://sites.secure.force.com/success/ideaView?id=08730000000bj7xAAA
LibTomCrypt in the past has seemed like a very viable and useful option for encryption. And the associated LibTomMath could be a useful math library. But lately, I can't see any development on it and it's ambiguous as to what is the "current" web site for it. E.g.:
http://libtomcrypt.com/
which points to http://libtom.org/
old page
http://libtomcrypt.org/ (now looks like it's been taken over by a domain squatter)
in the past (Wayback Machine)
What's the status, and is there a future for LibTomCrypt?
It moved to github: https://github.com/libtom/libtomcrypt
As far as I know, the author has dropped development of both libraries; any volunteer is free to pick the code up, and maintain it. Apparently this has not occurred (yet).
See for instance this message (published in newsgroup sci.crypt) from the author of those libraries.