The JED and GPL

[mattbaylor]

How will it be determined that the commercial or other extensions listed on these websites are GPL and JED compliant?
How will the "policing" of the non-JED-listed extensions be handled?
How will it be determined that these other extensions do not have obfuscated/encrypted code?
If they require a fee to download many users are never going to examine the extension.
If they are not listed in the JED no files have been submitted for review when a listing is requested.

The same way it is currently being handled. We rely on user reports as well as catch them when screening new submissions. Their usually pretty easy to catch just by reading the developers license page.

Extensions listed in the JED are regularly found with obfuscated/encrypted code.
I have found two myself in the last few weeks (reported and removed from the JED).
From this I assume there are many other extensions found by other users as well.
It appears to be an ongoing problem.

We find 2-3 a month. Just about all of them are just obfuscated back links. I think the only ionCube issues we found in the past 6 months were extensions that were listed pre-GPL, were rarely used and rarely updated so they didn't get caught.

Currently there is no public history of bad behavior so it happens over and over.
Anyone who has been around awhile and has a good memory knows there are some "bad" players out there.
These "bad" players are still in business because the current secrecy policy hides their bad deeds.

A 'wall of shame' is really for another thread but I will say 99% of the issues we have boil down to someone not reading the rules or a language translation failure, which is why Brian has volunteered to help developers in that area.

What really needs to be discussed is how to improve the developer summary page.
The current focus is on rating the extensions with little attention to the developer (which creates the biggest user problems).
Perhaps a new thread on that subject would be appropriate, and very useful discussion.
.

That discussion will happen. Converting to Joomla 3.0, we will be replacing MTree with a completely custom extension and once we get the core system stable we'll be looking at profiles and new features.

[Webdongle]

The same way it is currently being handled. We rely on user reports as well as catch them when screening new submissions. Their usually pretty easy to catch just by reading the developers license page.

We find 2-3 a month. Just about all of them are just obfuscated back links. I think the only ionCube issues we found in the past 6 months were extensions that were listed pre-GPL, were rarely used and rarely updated so they didn't get caught

Far better to catch them before the users see them and report them is it not ? And what about the commercial extensions ? Many users are not going to pay money just to check them. Again I offer to help.


Not too sure about a 'wall of shame' ... would there be legal implications there ?

That discussion will happen. Converting to Joomla 3.0, we will be replacing MTree with a completely custom extension and once we get the core system stable we'll be looking at profiles and new features.

Perhaps the discussion about how to improve the developer summary page should be discussed in the forum now. Because "will happen" may be too late for everyone to input on the discussion ... especially if the JED team is secretly discussing it now.

[kenmcd]

.
There are no legal ramifications of telling the truth.

As for the ongoing "Wall of Shame" objection I think this is a ridiculous argument.
This protects those who should be ashamed (and are not), and hurts those who should be protected.

Keeping a record of the violations and displaying that is no different than displaying the current page which few will see.
It only took years to get those pages to be displayed, to allow users a small glimpse behind the JED Wall of Secrecy.
So I suppose it also takes years to get to save that page so it is actually useful.
Heaven forbid someone will actually see those pages so they know what happened.

This over-emphasis on protecting the developers reputations seems biased.
One could wonder if this is a holdover of the Joomla-devs-good-old-boys-club so obvious in the past.

Why should anyone give a crap if some developer hiding code is "shamed" or embarrassed.
It is what really happened.
It is the truth.
It is what users should know.

I am so sick of this Wall of Shame nonsense.
It smacks of cronyism.
Why is there this big concern with "protecting" disclosure of bad behavior?
Who are you more concerned about?
Why are you so interested in protecting these developers?
Where is the concern about protecting users?

There are a lot of really high quality, honest, ethical people around – this includes developers, users, and forum helpers.
BUT . . .
Anyone who has been around these forums for years also knows there are some real dirtbags around.
Unethical liars, some outright thieves, rotten people who are victimizing users.
And it continues because they can get away with it because no one is allowed to speak ill of a developer.

Please explain to me how no-Wall-of-Shame secrecy is more ethical than the truth.
Open and honest disclosure is not shameful.
Open and honest disclosure is the ethical thing to do.

Allowing this wall of secrecy and user abuse to continue for years now . . . that is shameful.

.

[mattbaylor]

Far better to catch them before the users see them and report them is it not ? And what about the commercial extensions ? Many users are not going to pay money just to check them. Again I offer to help.

All new submissions get checked using the JEDChecker tool which flags encrypted and base64 code. Commercial or non-Commercial has no relevance, every listing requires the dev to provide a copy of the extension to be checked.

Those old 1.5 listings that may have fallen through the cracks will be gone in a few months anyway when we drop 1.5 support. It's not like we're plagued with tons of encrypted/obfuscated coded extensions to warrant anyone looking though a million lines of code just to find a handful of listings.

Not too sure about a 'wall of shame' ... would there be legal implications there ?

Very much so and is probably the main reason there isn't one. In the litigious world we live in it could very easily sink the ship financially just defending the truth.

Perhaps the discussion about how to improve the developer summary page should be discussed in the forum now. Because "will happen" may be too late for everyone to input on the discussion ... especially if the JED team is secretly discussing it now.

If you want to start that discussion by all means go for it. Right now it's not under discussion within the team and won't be for awhile. We're working on getting to 3.0, which will take some time. We're working on the new review system that will be blog posted soon and the ToS revision that was posted in the forum.

The tinfoil hats can be stowed, there are no secrets with anything we're trying to get accomplished. We come up with a plan for something, present it to the community for feedback, make adjustments and implement it. Everyone get's plenty of time to offer input.

[brian]

Sorry Ken but I dont agree. While their "might" be value in having a public record of those who tried to trick the system in the past and were banned for a period as a result I am a believer in rehabilitation after your punishment is served. In addition sometimes an extension is removed due to a misunderstanding (usually where English is not the first language) is it really fair and just that they are punished forever. Society has moved on from the days of permanently marking "offenders". We no longer chop off the hand of a thief. Instead we punish them for a period of time and for that period only.

[Webdongle]

If the Joomla Platform licence is changed from GPL tp LGPL what effect if any will that have on the JED ruling about GPL licences ? http://developer.joomla.org/news/545-jo ... urvey.html

[brian]

No

[Webdongle]

Hi Brian

Thanks for taking the time to answer. Is that an official JED answer or just your opinion ? And could you please expand on why the answer to "... what if any ..." is 'No' ?

[brian]

sorry it should have said none not no. Joomla the cms is remaining GPL so extensions for Joomla the CMS must be GPL.

[ozneilau]

Hopefully developers that aren't already compliant have plans underway so that normal service can continue and users of their extensions are not left unsupported.

Well, it looks like JoomlaPolis have beaten the deadline by 2 days by releasing a GPL version of CBSubs:

http://www.joomlapolis.com/news/18335-c ... -goes-gpl-

Some of their clients (including me) are not happy as they have decided to call it a different product and charge an upgrade fee:

https://www.joomlapolis.com/forum/6-new ... =12#217737

Is this fair or is it just me?

Neil.

[Webdongle]

...
Some of their clients (including me) are not happy as they have decided to call it a different product and charge an upgrade fee:
...

Do you mean

• All existing CBSubs customers with an active (as of today, Dec. 29th, 2012) maintenance period get a 75% discount to upgrade to CBSubs GPL 3.0
• All existing CBSubs customers with expired maintenance still get 50% off to upgrade to CBSubs GPL 3.0.

[ozneilau]

Exactly.

[birnik]

Does this new rule mean that all the template clubs who have a restriction on usage of their templates, will be no longer able to publish new extensions in JED?

I mean, templates are usually ignored, as they are not listed in JED, but these are still extensions.
IMO: It will be unfair if they sell templates with limitations of usage of the css/js/image files and have the right to list extensions in JED, while developers of components/modules/plugins do not have that right.