My Stuff

2010 Conferences

OSGi DevCon @ JAX London

February 23 - Keynote titled OSGi in the Enterprise: Agility, Modularity, and Architecture’s Paradox

EclipseCon

March 22 - 25 - Tutorial on Modular Architecture

Über Conf

June 14 - 17 - Sessions titled Turtles and Architecture and Patterns of Modular Architecture

Catalyst

July 26 - 30 - Two sessions on rich mobile applications and one on agile development. Half day tutorial on software process improvement.

Tweets @ Twitter

Apple's profits for its latest quarter are $1 billion. That's $1 billion per week, by the way. http://t.co/wE6RglA5 1 week ago

If you know JavaScript and HTML, you can crete your own custom widgets in iBooks Author. That's pretty cool…#Apple 2 weeks ago

High School Textbooks also available. Major publishers are on board. Several volumes available today…#Apple 2 weeks ago

#Apple announces iBooks Author for OS X and iBooks 2. Using author, you can create your own interactive books for iBooks. 2 weeks ago

Nice #HTML5 site (html5rocks.com). Check out the Interactive Presentation & HTML5 vs. native comparison (http://t.co/UFTuafAE) via @mahemoff 2 weeks ago

LinkedIn Profile

The opinions expressed on this site are my own, and not necessarily those of my employer.

Nov '07
2

Crap4J - Alarming EULA

Filed Under Agile, Development, Metrics |  

Updated (11/02/07) : Please note the responses from Alberto and Bob attached to this post. They’ve offered some assurance that Crap4J does not transmit any code to their servers, and that the licensing snafu was due to a simple oversight. They also resolve to correct the licensing agreements. Thank you, Alberto and Bob! : End Update

I went to install the Crap4J Eclipse plug-in. As part of this plug-in, there are four separate features, and I happened to actually read the license agreement for each of them. In a nutshell, for three of the features (Agitair JUnit Runner, Agitair JUnit4 Suport, and Public API for Generated Tests), the license agreement states that the software is experimental and primarily for academic, research, and open source use. But that’s not the alarming part. It also says that it transmits your code over the open internet to be analyzed on non-secure Agitair computers shared by multiple users. Here’s the exact text:

THIS SOFTWARE IS INTENDED PRIMARILY FOR ACADEMIC, RESEARCH, AND OPEN SOURCE
USE. WHILE COMMERCIAL USE IS ALLOWED, PLEASE BE AWARE THAT YOUR CODE
IS TRANSMITTED OVER THE OPEN INTERNET AND ANALYZED ON NON-SECURE
COMPUTERS SHARED BY MULTIPLE USERS.

I don’t like that much, and it seems a bit sneaky to hide that rather important note in a license agreement that I doubt many folks read. There should be a more noticeable disclaimer somewhere. Also, I found no such notice in the Ant Task distribution (in fact, couldn’t find a license agreement included at all). But that’s not saying the Ant Task does or does not transmit your code.
I don’t know the internal behavior of Crap4J. Maybe it doesn’t send your code anywhere. But the license agreement indicates that Crap4J does, or at the very least, that they have the right to do so. Maybe, giving them the benefit of the doubt, they didn’t fully review the license agreement, and aren’t aware of what it says. Either way, the fact that this important note is buried within a license agreement without any other public disclaimer is very alarming and deceiving.

Comments

4 Responses to “Crap4J - Alarming EULA”

  1. Alberto Savoia on November 2nd, 2007 2:32 pm

    Kirk,

    Thanks for catching that; but please rest assured that no code is transmitted anywhere when you use Crap4j. Once you download the plug-in, all the action with Crap4j is local. Soon we will give people an option to share their results (i.e. post their project’s front page) but it will be entirely voluntary and obvious: “Push this button to publish and share your summary on crap4j.org”.

    What happened is that we re-used some JUnit Factory components (e.g. the JUnit runner because we need the code coverage information) and inherited those EULAs. As you guessed, we did not review them carefully enough - our bad. We’ll fix it on the next release and thank you for bringing this to our attention.

    Alberto

    P.S. JUnit Factory, on the other hand, was intentionally designed to be used as a web-based, hosted, service.

    We created JUnit Factory primarily to make our software freely available to open-source and academic institutions for research, teaching programming/testing classes, and test generation.

    We have always provided free licenses of our full-fledged product to open-source and academia; but since many universities do not have the time or $ to buy and maintain a dedicated server (or enough servers to handle classes with many students) we thought it would be nice to help them by providing HW (a “grid” of 10 CPUs) as well as the software.

    Apparently it’s what people wanted. Since we started offering it, most of our intended users have chosen the Software as a Service model of JUnit Factory over a “regular” academic license.

    Thanks again for catching the oversight.

  2. Bob Evans on November 2nd, 2007 3:58 pm

    Hi Kirk,

    We’re definitely not being deceiving, nor do we want anybody’s code. I would’ve appreciated the courtesy of contacting us and asking us if this is what we meant first. Especially considering how young the project is, and that it is trying to do some good in the community by raising awareness about testing and code quality. Hopefully your readers read the comments too.

    That request made, we are quite chagrined about the mistake. Here’s more clarification on how we use the JunitFactory components in crap4j and what we intend to do to fix this problem.

    We are re-using the JunitFactory test-runner components (with permission) to generate the coverage data used by the Crap4j component, which is licensed under The Eclipse Public License. The Junitfactory components that we install just run the tests and produce coverage results, since we don’t use, nor install, the JunitFactory client component which is used to upload code. Our intention has always been to make the coverage runner pluggable so that others can be used. It just turns out that the Agitar coverage tool provides basis-path coverage, which is more comprehensive than some other free coverage tools out there.

    As Alberto said, we’ll figure out what to do about that license to make the intent more clear. I tried to separate the Eclipse plugin bundles to make it clear that they are two separate components, but obviously we need to do more.

    Good catch on the Ant Task not having a license in the distribution, that was just a mistake that will be fixed in the next release (maybe today.)

    Thanks,
    Bob Evans

  3. Bob Evans on November 2nd, 2007 8:08 pm

    The ant distribution and the eclipse plugin have been updated to include all the licenses for crap4j and the components that it relies upon.

    There is still the issue of what it means that we use a 3rd party component (JunitFactory) that mentions that code might be uploaded, but at least the crap4j license, which has no such clause, is clear and available in a licenses folder in both distributions.

  4. Jason on May 21st, 2009 4:14 am

    its now 2009 and the Agitar components still carry the clause
    ” EXPERIMENTAL PRODUCT WHICH TRANSMITS CODE WITHOUT SECURITY TO
    AGITAR’S SERVERS.”

    so I guess they really do.

Leave a Reply




Modularity Patterns

Recently Written

Categories

Archives