Delicious      Technorati      Blinklist      Furl      Reddit

TimeTrex Time and Attendance

TimeTrex Time and Attendance


* FAQ    * Search
* Login   * Register

All times are UTC - 8 hours [ DST ]




Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 15 posts ] 
Author Message
 Post subject: License Conflict
PostPosted: Fri Sep 24, 2010 12:57 am 
Offline

Joined: Fri Sep 24, 2010 12:48 am
Posts: 14
During a security audit of a firm that uses TimeTrex we discovered Google Analytics code in the login screen. In the process of removing the offending code I discovered:


{* REMOVING OR CHANGING THIS LOGO IS IN STRICT VIOLATION OF THE LICENSE AGREEMENT *}
<img src="{$IMAGES_URL}powered_by.jpg" alt="Time and Attendance">

I removed the URL again due to the (minimal) security concerns of the data that the browser sends when clicking links. However I find the comment in the code to conflict with the AGPL license under which TimeTrex claims to be distributed under.


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Fri Sep 24, 2010 7:33 am 
Offline

Joined: Tue Sep 19, 2006 2:22 pm
Posts: 7256
Removing the "Powered By TimeTrex" logo is a definite violation of the AGPLv3 license that TimeTrex Standard Edition is distributed under, as it is considered "Appropriate Legal Notices" under Section 7(b). In fact this clause is one of the primary clauses that the AGPL license is designed to account for.

http://www.gnu.org/licenses/agpl-3.0.html

Quote:
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
...
b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or
...



Please also see the header of source code files as well, which I have included here for your convenience, the last paragraph is key:
Code:
/*********************************************************************************
 * TimeTrex is a Payroll and Time Management program developed by
 * TimeTrex Payroll Services Copyright (C) 2003 - 2010 TimeTrex Payroll Services.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by
 * the Free Software Foundation with the addition of the following permission
 * added to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED
 * WORK IN WHICH THE COPYRIGHT IS OWNED BY TIMETREX, TIMETREX DISCLAIMS THE
 * WARRANTY OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along
 * with this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact TimeTrex headquarters at Unit 22 - 2475 Dobbin Rd. Suite
 * #292 Westbank, BC V4T 2E9, Canada or at email address info@timetrex.com.
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License
 * version 3, these Appropriate Legal Notices must retain the display of the
 * "Powered by TimeTrex" logo. If the display of the logo is not reasonably
 * feasible for technical reasons, the Appropriate Legal Notices must display
 * the words "Powered by TimeTrex".
 ********************************************************************************/


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Thu Apr 17, 2014 2:55 pm 
Offline

Joined: Tue Sep 19, 2006 2:22 pm
Posts: 7256
Just to add some clarification to this thread for others, removing the "Powered by TimeTrex" logo or any copyright notices is in strict violation of the license, however you seemed to confuse that with Google Analytics.

The Google Analytics tracking is simply used to help improve the software and doesn't collect any employee or private personal data, it just lets us know what screens are used most and how users navigate through the software, no different than visiting any other website (as TimeTrex is web based after all). If you think TimeTrex is already perfect and can't be improved upon any further, or simply don't wish to provide such information, you can disable it by adding the following line to your timetrex.ini.php file:

[other]
disable_google_analytics = TRUE


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Mon Apr 28, 2014 3:31 am 
Offline

Joined: Mon Mar 03, 2014 12:13 pm
Posts: 3
About licence violations:

What about providing the source code? Where is the interface source code?

Code:
6. Conveying Non-Source Forms.

You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:
a) ..
...
e).


Please tell us where (how) to get the flex interface source code.

Thanks


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Mon Apr 28, 2014 8:40 am 
Offline

Joined: Tue Sep 19, 2006 2:22 pm
Posts: 7256
We no longer offer the Flex sourcecode as the Flex interface is being discontinued shortly and replaced by a pure HTML5 interface, which the full sourcecode will be available upon its release.


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Tue Apr 29, 2014 1:39 am 
Offline

Joined: Mon Mar 03, 2014 12:13 pm
Posts: 3
Well, HTML5 will be very welcome, flex is nice looking, but have a lot of problems attached.

Hope it's sooner rather than later, can you advance a prespective on the date?

Thanks for the awnser.


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Tue Apr 29, 2014 8:56 am 
Offline

Joined: Tue Sep 19, 2006 2:22 pm
Posts: 7256
Its in early beta testing with some Cloud Hosted customers now, so it will likely be a few months before its available in the Community Edition.


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Thu May 22, 2014 12:39 am 
Offline

Joined: Sun Feb 23, 2014 2:50 pm
Posts: 51
Is there a way that I can get in to the beta test? I am using the community cloud hosted.

_________________
Adam Miller
TimeTrex Administrator - New Ulm Robotics


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Thu May 22, 2014 8:06 am 
Offline

Joined: Tue Sep 19, 2006 2:22 pm
Posts: 7256
If you are using our Cloud hosted service simply change the end of the URL from "flex" to "html5". For example:

http://ondemand2001.timetrex.com/interface/flex

Gets changed to:

http://ondemand2001.timetrex.com/interface/html5


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Thu May 22, 2014 8:34 am 
Offline

Joined: Sun Feb 23, 2014 2:50 pm
Posts: 51
Thank you.

_________________
Adam Miller
TimeTrex Administrator - New Ulm Robotics


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Thu May 22, 2014 9:18 am 
Offline

Joined: Tue Sep 19, 2006 2:22 pm
Posts: 7256
Please let us know if you experience any problems or discover any issues whatsoever.


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Thu May 22, 2014 9:42 am 
Offline

Joined: Sun Feb 23, 2014 2:50 pm
Posts: 51
There are some permission issues. If you would like more details, please let me know. I logged in as an employee with very minimal permissions, and they were still able to see the edit employee button along with some other things that they shouldn't have access to.

_________________
Adam Miller
TimeTrex Administrator - New Ulm Robotics


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Thu May 22, 2014 10:01 am 
Offline

Joined: Tue Sep 19, 2006 2:22 pm
Posts: 7256
Please start a new topic and describe in detail the issue so we can get it resolved as soon as possible.


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Thu May 22, 2014 10:15 am 
Offline

Joined: Sun Feb 23, 2014 2:50 pm
Posts: 51
sounds good.

_________________
Adam Miller
TimeTrex Administrator - New Ulm Robotics


Top
 Profile  
 
 Post subject: Re: License Conflict
PostPosted: Thu May 22, 2014 10:34 am 
Offline

Joined: Sun Feb 23, 2014 2:50 pm
Posts: 51
I have started a new topic here: viewtopic.php?f=5&t=6534

_________________
Adam Miller
TimeTrex Administrator - New Ulm Robotics


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 15 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  


Time and Attendance




Powered by phpBB® Forum Software © phpBB Group