cletusc / Userscript--Twitch-Chat-Emotes

Adds a button to Twitch that allows you to "click-to-insert" an emote.
http://cletusc.github.io/Userscript--Twitch-Chat-Emotes/
MIT License

Fix SPDX code and secure #104

Open Martii opened 6 years ago

Martii commented 6 years ago

Ref:

Thanks dude. Kewl gulp project to pluck everything together. :)

cletusc commented 6 years ago

I can add the CC-BY-NC-SA-3.0 (as well as a link to SPDX); however, I don't understand why CC should go before MIT. If it's just because of alphabetical rules, then that should be handled more on OUJS side, not a per-script-basis.

Martii commented 6 years ago

If it's just because of alphabetical rules

It's not... the @license key is treated as an SPDX OR for dual licensing. If it were double licensed (notice the wording change) it would be an AND, which OUJS doesn't support because too many licenses would contradict each other that way. Newer npm variations actually don't support your older version of package.json anymore either. They don't supply a way of including a link to the URL itself (with SPDX)... which kind of sucks for node/npm projects.

The TOS states that an OSI SPDX identifier needs to be in there, and we validate on it as primary to reject No-Derivative Content Licenses as secondaries.

Martii commented 6 years ago

I don't understand why CC should go before MIT.

And what I said over there with:

GM's metadata policy has always been to read the last key in as primary.

I asked Anthony many years ago what the policy was... and he said always the last key. The package.json file is fine because node reads it in that order, but metadata blocks have a policy of reverse order... (try it with multiple @author keys in the UserScript metadata block and look in your Add-ons and you'll see it in action.)

Martii commented 6 years ago

as well as a link to SPDX

One more noisy bit... you also don't have to do that if you don't want to. It can point to a matching GH LICENSE or LICENSE.md file if you want. We auto-link the SPDX short identifier to spdx.org anyhow.

Ref:

cletusc commented 6 years ago

Looking over the actual files, this should probably just be MIT honestly. There are certain files (noted in ATTRIBUTION.md) that have their own license but all other files (images, code, etc.) can be MIT.

If I'm doing that (MIT + pointing to the ATTRIBUTION.md), how would I go about doing that? Should I just point to the LICENSE.md and add a line to the LICENSE.md pointing to the ATTRIBUTION.md, similar to what's shown on npm's docs, specifically { "license" : "SEE LICENSE IN <filename>" }?

Martii commented 6 years ago

how would I go about doing that?

I think I still have your repo forked so if you want I could do it (getting too complicated unless you request it) or....

// @license MIT; https://raw.githubusercontent.com/cletusc/Userscript--Twitch-Chat-Emotes/master/ATTRIBUTION.md

or the html page on GH of:

// @license MIT; https://github.com/cletusc/Userscript--Twitch-Chat-Emotes/blob/master/ATTRIBUTION.md

... either works but you are correct in better attribution for licensing with that .md file... depends on what you want users to see... "pretty" or raw text.

this should probably just be MIT honestly.

... and remove the other @license key of course in this case. This will match what GH shows your repo as MIT.
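The metadata rules discussed in this thread (a `@license` value of the form `SPDX-ID` or `SPDX-ID; URL`, repeated keys read as SPDX alternatives, and the last key read treated as primary) can be exercised with a small parser. The following is an added example, not code from this project or from OpenUserJS; the OSI-approved set and the "-ND" check are illustrative assumptions, and the sample header is constructed rather than copied from the script.

```javascript
// Added example (not this project's or OUJS's code): parse the @license keys of a
// UserScript metadata block the way the thread describes.
//  - each value is "SPDX-ID" or "SPDX-ID; URL" (URL optional)
//  - repeated @license keys are alternatives, i.e. an SPDX "OR"
//  - the last key read is the primary (Greasemonkey metadata policy as described)
// OSI_APPROVED is an assumed subset for illustration, not the real OSI list.
const OSI_APPROVED = new Set(['MIT', 'BSD-3-Clause', 'Apache-2.0', 'GPL-3.0-only']);

// Returns [{ key, value }] for every "// @key value" line inside ==UserScript== ... ==/UserScript==.
function parseMetadataBlock(source) {
  const m = /\/\/\s*==UserScript==\r?\n([\s\S]*?)\/\/\s*==\/UserScript==/.exec(source);
  if (!m) throw new Error('no ==UserScript== metadata block found');
  const keys = [];
  for (const line of m[1].split(/\r?\n/)) {
    const km = /^\/\/\s*@([A-Za-z0-9_:-]+)\s*(.*)$/.exec(line.trim());
    if (km) keys.push({ key: km[1], value: km[2].trim() });
  }
  return keys;
}

// Splits "MIT; https://example/LICENSE" into { id: 'MIT', url: 'https://example/LICENSE' }.
function parseLicenseValue(value) {
  const semi = value.indexOf(';');
  if (semi === -1) return { id: value.trim(), url: null };
  return { id: value.slice(0, semi).trim(), url: value.slice(semi + 1).trim() || null };
}

// All @license keys, in the order they appear in the block.
function licensesOf(source) {
  return parseMetadataBlock(source)
    .filter((k) => k.key === 'license')
    .map((k) => parseLicenseValue(k.value));
}

// Last key wins, per the metadata-block policy quoted in the thread.
function primaryLicense(licenses) {
  return licenses.length ? licenses[licenses.length - 1] : null;
}

// Repeated keys are alternatives, so the equivalent SPDX expression joins them with OR.
function spdxExpression(licenses) {
  return licenses.map((l) => l.id).join(' OR ');
}

// Assumed validation: primary must be in the (assumed) OSI set, and no
// No-Derivative content license may appear in any position.
function checkLicenses(licenses) {
  const problems = [];
  const primary = primaryLicense(licenses);
  if (!primary) problems.push('no @license key');
  else if (!OSI_APPROVED.has(primary.id)) problems.push(`primary ${primary.id} is not OSI-approved (assumed list)`);
  for (const l of licenses) {
    if (/-ND(-|$)/.test(l.id)) problems.push(`${l.id} is a No-Derivative content license`);
  }
  return problems;
}

// Constructed sample header for the example; not the script's real header.
const SAMPLE = `// ==UserScript==
// @name        Twitch Chat Emotes (sample)
// @license     CC-BY-NC-SA-3.0
// @license     MIT; https://github.com/cletusc/Userscript--Twitch-Chat-Emotes/blob/master/ATTRIBUTION.md
// ==/UserScript==
`;

// Same header with a No-Derivative license swapped in, to show the rejection path.
const BAD_SAMPLE = SAMPLE.replace('CC-BY-NC-SA-3.0', 'CC-BY-ND-4.0');

const found = licensesOf(SAMPLE);
console.log('primary:', primaryLicense(found));          // MIT with the ATTRIBUTION.md URL
console.log('expression:', spdxExpression(found));       // "CC-BY-NC-SA-3.0 OR MIT"
console.log('problems:', checkLicenses(found));          // []
console.log('bad:', checkLicenses(licensesOf(BAD_SAMPLE)));
```

Swapping the two `@license` lines in `SAMPLE` makes CC-BY-NC-SA-3.0 the primary and `checkLicenses` reports it, which is the ordering point Martii makes above.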

Martii commented 6 years ago

Oh just make sure the .md file has the licensing (references) of all in it... I don't seem to see it.

Might be better to use your LICENSE file if you don't want to add those into the ATTRIBUTION.md.

{ "license" : "SEE LICENSE IN <filename>" }

This is new since the last time I looked. :) Depends on how often you change your licensing and if you want to keep these in sync with your .user.js. EDIT: A question I have is "Does one include the lt and gt symbols though?".

Martii commented 6 years ago

... images ...

More noise... sorry... if those are Code images (like SVG with no bitmap equivalents) then MIT will cover it... if they are binary then that's where Content licenses come into play as "Works" vs "Code".