KeyCAPTCHA external service is based on KeyCAPTCHA plugin(s), installed on protected web site servers.
This plug-in provides running the obfuscated client-side JavaScript (or ActionScript, if browser is not HTML5-compatible) coming from keycaptcha.com back servers.
Since these KeyCAPTCHA plugins are also published as Drupal.org modules (or extensions?) in http://drupal.org/project/keycaptcha, they are under GPL.
Then, client-side Javascript codes are distributed and derivative work under GPL and its source should have been available in order for such plugins (sorry, modules) be published on Drupal.org?
Well, I formulated my doubt in terms of GPL (and Drupal licensing compliance), but generally I cannot understand how external proprietary online (internet) services (whose plugins are published on Drupal.org) feeding client-side obfuscated code are compatible in any of the senses with FSF 4 freedoms :
- Freedom 0: The freedom to run the program for any purpose
- Freedom 1: The freedom to study how the program works, and change it to make it do what you wish
- Freedom 2: The freedom to redistribute copies so you can help your neighbor
- Freedom 3: The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits
which Drupal.org should have supposedly enforced?
Some of the relevant references:
Comments
The KeyCAPTCHA module itself
The KeyCAPTCHA module itself is provided under the GPL, being hosted on Drupal.org. The output of what it produces, however, is not: The output of software is not necessarily copyrightable, and the terms of the GPL, or any software license, do not extend to the content that the program produces itself. If the module itself is simply relaying code (even if it's making modifications to the code, modifications of which are not copyrightable, which the module appears to be doing), and the code is not trivial, then the copyright for that code is owned by the provider, which would be the owners of keycaptcha.com (who appears to be Mersane Ltd.). Since they are providing the Javascript code themselves, they have their choice of licensing terms.
""KeyCAPTCHA is a code executable in the visitor's browser"
Hi, Acubed,
thanks for the answer but this is kind of standard answer I've read before that does not address my question
Isn't the Drupal's purpose of module licensing under GPL (to assure Free Software freedoms) is completely defeated and made senseless becasue neither of the mentioned freedoms can be realized b/c the ToS and really executable code is external to a module?
It is not content or output in case of KeyCAPTCHA module, it is client-side obfuscated (javascript, actionsScript, etc.) proprietory code "uploaded" through KetCAPTCHA module and executed in the visitor's browser.
If to read about client-side (javascript) code uploaded for the execution through GPL-ed module (plug-in, add-on, extension) ,
then all explanations are that these codes are also under GPL with (unobfuscated, reausable) source code available.
Your logic holds only for dynamically-linked or server-side code producing content and output.
It is not the case with client-side code (for ex., in case of KeyCAPTCHA)
Please read the references of my original post, I am afraid I would hijack my own topic by citing all relevant passages that are too many and too lengthy
For example, Citing from [3] above, http://steveluscher.com/archives/the-free-software-movement-and-the-gnu-... :
When use means use, and distribution means distribution
The share-alike provision of the GNU GPL is designed to prevent middlemen from stripping away any of the four freedoms from free software, on its way to the end user. To be clear, a person is free to build a piece of software atop someone else’s GPL code, and to use that software to conduct business activity for profit; this would constitute the exercising of freedoms 0 and 1 – the freedom to run a program, for any purpose, and the freedom to adapt it to their needs. To subsequently exercise freedoms 2 and 3 is purely optional, but if the user chose to exercise their freedom to distribute copies of their modified software, and distributed those copies under a license that restricts any of the four freedoms that they themselves were treated to, they would be in violation of the GNU GPL‘s share-alike provision.
When use and distribution go hand in hand
Considering the scenario I’ve just mentioned, what if the software in question is written in an interpreted language like Javascript, and built atop GNU GPL licensed Javascript code? Further, what if the person’s business is the provision of a web application – a type of application which, by virtue of its architecture, requires that Javascript source code travel over-the-wire to be executed on the client side, in order for the web application to be usable? Is the business owner exercising freedom 0, to run free software for any purpose, or do we say that she has exercised freedom 3, to distribute a modified copy of the software – her modifications now being subject to the share-alike provision of the GNU GPL?
Intent only to use
One might say that the business owner’s intent was to exercise freedoms 0 and 1 exclusively. The business owner may think of herself as the sole end user of the Javascript software – software that they use to provide a service to their customers over the Internet. Said service might be a dating service, or perhaps a service for ordering pizza delivery.
De facto, though, the distribution is
Whatever the business owner’s intent, the fact is that the architecture of a Javascript-based web application requires Javascript source code to be distributed over-the-wire in order for it to be useful; de facto distribution of Javascript source code occurs every time a web application is accessed. The users of the business’ service are, in fact, the end users of the business’ modified version of the original, free program.
Freedom isn’t free
Chances are that one of those arguments will have seen readers get a little hot under the collar, so let’s relax for a moment. By now we all understand the principles of free software, and our business owner surely wants to uphold the agreement that she entered into when she chose to build her software atop GNU GPL code. We’re all essentially on the same side, but because of the nature of the web, we find that we’ve been stripped of our agency to decide when to exercise our freedom to use free software, and when to exercise our freedom to distribute it. The two have become inseparable; client side Javascript is only usable when distributed.
There exist some edge cases where Javascript code need not be distributed to be useful. You could wrap it in an Adobe AIR or Silverlight application for your own personal use. You could use Rhino to embed it in a Java application for your own personal use. You could even build an application that runs in a browser, but only ever load it locally. These examples are specious, though. However plausible, the choice to use Javascript in these instances would likely not be the best available one.
For the remaining, typical, client-server, web-centric uses of Javascript, it would seem to me that there exists no opportunity for the creator of a derivative work based on GNU GPL Javascript code to derive value from their program without being forced to exercise freedom 3 by virtue of the consequential distribution of Javascript source code. Proponents of free software call Javascript a trap ....
.....
please read further on...
Or one can find (by googling) many other discussions, publications, docs, unanimously saying the same!
Update:
Let me cite from http://drupal.org/project/keycaptcha :
Gennady
scammed by KeyCAPTCHA.com
The current, positive reality
The current, positive reality is that said "freedoms" are already defeated because the code only works as a part of a larger service which is provided by a 3rd party, it's not any different than reCAPTCHA and family. It's a service which you are voluntarily handing out to a 3rd party, giving them the authority to control which code gets to be run, giving them the authority to maintain, update, and improve it so that you don't have to. It should go without saying, if you don't like this, then you don't have to use their service (let's assume for the moment that you are), a reality made better by the fact that there are plenty of other perfectly good CAPTCHA modules already (I use Hidden CAPTCHA myself). But more importantly, Drupal.org (the website) hosts and distributes modules under the condition that they are distributed under the GPL, this is the licensing policy. Drupal.org isn't hosting any code in violation of the licensing policy, and by extension, the GPL, so there's nothing that can be done about it, that fact by itself (see below).
For me to call the GPL as being "defeated" would mean that there was some intention to using the GPL that is being circumvented. I cannot identify the intention that is being defeated by having a GPL module handle 3rd party minified/compress/obfuscated Javascript code, but not with all the other 3rd party services being provided. It seems by your logic that you should have the "freedom" to fork the entire keycaptcha.com infrastructure.
Also, the GPL is strictly a distribution license. It does not nor would it be able to regulate what happens at runtime, and which code happens to be "executed in the same physical location" is irrelevant.
The normative could be different, but doesn't appear to be. My "what ought" analysis is that KeyCAPTCHA must not restrict distribution of what code they do provide; that it would be prudent to provide minified code; and they are under no obligation to provide sources, and any decision to make available the source behind their compiled binaries, minified code, or web services is theirs alone.
I made the case in my first post that the Javascript code is not subject to the GPL. Who is the injured party here, and who would be the offending party?
From your username alone, nevermind the blog link you provide, it appears you don't like KeyCAPTCHA. If you think that KeyCAPTCHA provides a negative user experience to Drupal.org users, you should raise that flag instead.
what's the point in enforcing GPL infringement?
You are incorrect about reCAPTCHA (it is different, in case of reCAPTCHA it is output, content and rendering from webserver to browser), "copyrightable" term usage ...
Though, these, as well, as contexts of KeyCAPTCHA likes or dislikes are off-topic digressing the topic...
So, what's the point of enforcing the Drupal authors/contributors to stick and automatically infringe GPL ?
I hope it is not the start of debate about what is wrong in GPL, FSF and Drupal's policy...
I just want to make sense from what you've written
What I've read that client-side code is under GPL as soon as plug-in (extension, module) is under GPL made perfect sense to me
And your point doesn't make sense and I even did not find anything similar on the internet!
PS
BTW, the KeyCAPTCHA's issue "Misleading Documentation"
was closed leaving my information there on cheating by KeyCAPTCHA.com unadressed.
Funny way of fixing things by their ignoring and silencing them...
Gennady
scammed by KeyCAPTCHA.com
The Javascript code output to
The Javascript code output to the browser is not protected by the GPL because it not distributed on Drupal.org nor is the output of software copyrightable. The fact that the output of software is not copyrightable as a result of being output is a solidly established one. If they were somehow violating the GPL, then there would have to be an injured party whose code is being distributed without permission (i.e. under terms not granted by the GPL). Whose GPL-covered code is being infringed in this case?
I'm addressing only this
I'm addressing only this part:
They claimed to have addressed your feedback. There was nothing more to do. It's clear you have a vendetta against them (and it seems they have one against you). The drupal.org issue queue is not the place to go back and forth on personal issues. If a technical issue is solved the issue should be left closed.
certifiedtorock.com/u/36762/
KeyCAPTCHA closed issue by declaring the facts by slander
KeyCAPTCHA had closed issue by simply declaring my feedback as spam, slander and vendetta
which they are not going to address or respond
This is very convenient but may such reasons be considered fixing the issues and ignoring the presented by me facts?
Gennady
scammed by KeyCAPTCHA.com
Obfuscated code
Free Software that connects to a non-free service over the Internet is well accepted in most circles as being legitimate, as the systems are separate programs. One could write an alternate remote system for the code to talk to. There are many many such modules on Drupal.org besides KeyCAPTCHA, including Akismet, Mollom, Twitter-based modules, and others. That's not a problem.
Providing only obfuscated Javascript in the module on Drupal.org, however, I would say is a problem unless the original source is available elsewhere and linked from the project page. (Minified Javascript is a good performance practice, although it renders the code unreadable.) IMO, a well-behaved module should provide both the original and minified Javascript in the repository.
I recommend filing an issue in the webmasters queue about it if the module is not providing the "intended for editing" source code, aka the non-minified Javascript. It could very easily just be an oversight rather than any malicious intent.
KeyCAPTCHA is not cotent from server, it is client-side code
Hello, @Crell and @Acubed,
I am perplexed to what you are repeatedly answering....
Akismet, Mollom, Twitter-based modules, and others output or render (by processing on their servers) content to client
KeyCAPTCHA extension is just bridge to executable in visitor's browser code coming from keycaptcha.com servers (to a visitor's browser).
Let me repeat what I wrote few times above
KeyCAPTCHA's description,
it is the same hard-typed into
and
explicitly telling (copy-pasting it):
I am dumbed - whatever I write, I am answered about something that I have never written or implied
I just hope that someone would have read and addressed what I've written above
Gennady
scammed by KeyCAPTCHA.com