Page 1 of 1

License Conflict

Posted: Fri Sep 24, 2010 12:57 am
by joako
During a security audit of a firm that uses TimeTrex we discovered Google Analytics code in the login screen. In the process of removing the offending code I discovered:


{* REMOVING OR CHANGING THIS LOGO IS IN STRICT VIOLATION OF THE LICENSE AGREEMENT *}
<img src="{$IMAGES_URL}powered_by.jpg" alt="Time and Attendance">

I removed the URL again due to the (minimal) security concerns of the data that the browser sends when clicking links. However I find the comment in the code to conflict with the AGPL license under which TimeTrex claims to be distributed under.

Re: License Conflict

Posted: Fri Sep 24, 2010 7:33 am
by shaunw
Removing the "Powered By TimeTrex" logo is a definite violation of the AGPLv3 license that TimeTrex Standard Edition is distributed under, as it is considered "Appropriate Legal Notices" under Section 7(b). In fact this clause is one of the primary clauses that the AGPL license is designed to account for.

http://www.gnu.org/licenses/agpl-3.0.html
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
...
b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or
...

Please also see the header of source code files as well, which I have included here for your convenience, the last paragraph is key:

Code: Select all

/*********************************************************************************
 * TimeTrex is a Payroll and Time Management program developed by
 * TimeTrex Payroll Services Copyright (C) 2003 - 2010 TimeTrex Payroll Services.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by
 * the Free Software Foundation with the addition of the following permission
 * added to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED
 * WORK IN WHICH THE COPYRIGHT IS OWNED BY TIMETREX, TIMETREX DISCLAIMS THE
 * WARRANTY OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along
 * with this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact TimeTrex headquarters at Unit 22 - 2475 Dobbin Rd. Suite
 * #292 Westbank, BC V4T 2E9, Canada or at email address info@timetrex.com.
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License
 * version 3, these Appropriate Legal Notices must retain the display of the
 * "Powered by TimeTrex" logo. If the display of the logo is not reasonably
 * feasible for technical reasons, the Appropriate Legal Notices must display
 * the words "Powered by TimeTrex".
 ********************************************************************************/

Re: License Conflict

Posted: Thu Apr 17, 2014 2:55 pm
by shaunw
Just to add some clarification to this thread for others, removing the "Powered by TimeTrex" logo or any copyright notices is in strict violation of the license, however you seemed to confuse that with Google Analytics.

The Google Analytics tracking is simply used to help improve the software and doesn't collect any employee or private personal data, it just lets us know what screens are used most and how users navigate through the software, no different than visiting any other website (as TimeTrex is web based after all). If you think TimeTrex is already perfect and can't be improved upon any further, or simply don't wish to provide such information, you can disable it by adding the following line to your timetrex.ini.php file:

[other]
disable_google_analytics = TRUE

Re: License Conflict

Posted: Mon Apr 28, 2014 3:31 am
by nandou
About licence violations:

What about providing the source code? Where is the interface source code?

Code: Select all

6. Conveying Non-Source Forms.

You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:
a) ..
...
e).
Please tell us where (how) to get the flex interface source code.

Thanks

Re: License Conflict

Posted: Mon Apr 28, 2014 8:40 am
by shaunw
We no longer offer the Flex sourcecode as the Flex interface is being discontinued shortly and replaced by a pure HTML5 interface, which the full sourcecode will be available upon its release.

Re: License Conflict

Posted: Tue Apr 29, 2014 1:39 am
by nandou
Well, HTML5 will be very welcome, flex is nice looking, but have a lot of problems attached.

Hope it's sooner rather than later, can you advance a prespective on the date?

Thanks for the awnser.

Re: License Conflict

Posted: Tue Apr 29, 2014 8:56 am
by shaunw
Its in early beta testing with some Cloud Hosted customers now, so it will likely be a few months before its available in the Community Edition.

Re: License Conflict

Posted: Thu May 22, 2014 12:39 am
by amiller030
Is there a way that I can get in to the beta test? I am using the community cloud hosted.

Re: License Conflict

Posted: Thu May 22, 2014 8:06 am
by shaunw
If you are using our Cloud hosted service simply change the end of the URL from "flex" to "html5". For example:

http://ondemand2001.timetrex.com/interface/flex

Gets changed to:

http://ondemand2001.timetrex.com/interface/html5

Re: License Conflict

Posted: Thu May 22, 2014 8:34 am
by amiller030
Thank you.

Re: License Conflict

Posted: Thu May 22, 2014 9:18 am
by shaunw
Please let us know if you experience any problems or discover any issues whatsoever.

Re: License Conflict

Posted: Thu May 22, 2014 9:42 am
by amiller030
There are some permission issues. If you would like more details, please let me know. I logged in as an employee with very minimal permissions, and they were still able to see the edit employee button along with some other things that they shouldn't have access to.

Re: License Conflict

Posted: Thu May 22, 2014 10:01 am
by shaunw
Please start a new topic and describe in detail the issue so we can get it resolved as soon as possible.

Re: License Conflict

Posted: Thu May 22, 2014 10:15 am
by amiller030
sounds good.

Re: License Conflict

Posted: Thu May 22, 2014 10:34 am
by amiller030