I have tested this item ✅ successfully on 185881e

on review - thanks

We need to think about this:

1. Do we really need a separate set of copyright/license in installation (it's a different application just like site and admin are different applications)
2. The license.php file is miles out of date (the first license in there is the xml-rpc library which we haven't used since 1.5) - is this something we need to bundle (i'm not sure we do?) and if so then we should use this PR to update it

I have tested this item ✅ successfully on 185881e

RTC as there are 2 successfully Tests?

RTC

Setting to needs review - the two points i raised should be considered before this is merged

Do we really need a separate set of copyright/license in installation (it's a different application just like site and admin are different applications

If we dont need it then you need to rewrite the copyright file to remove the references. Personally I think it should exist there as I would expect to find the licence in the installation folder (when installing from a CLI)

The license.php file is miles out of date (the first license in there is the xml-rpc library which we haven't used since 1.5) - is this something we need to bundle (i'm not sure we do?) and if so then we should use this PR to update it

Yes we removed it from elsewhere in a PR many months ago as a direct result of a decision by the PLT #12534. however it was still left here (probably because here it was named LICENSES not CREDITS) and still referred to in the header of all the language files

@wilsonge Any decision?

It is essential that any major actions involving licensing passes through the legal team for qualification, and i would say in this case also through the lawyer.

The consequences of changing something on a whim could be disastrous.

So please formulate a cohesive plan and ask legal team to help run it through and then lets get it approval stamp from the lawyers (and their insurance covering).

yes please lets spend a lot of money on lawyers for fixing a bug.

@Bakual how to go on with this PR?

1 Month later: @Bakual how to go on with this PR?

Do we really need a separate set of copyright/license in installation (it's a different application just like site and admin are different applications)

No. installation/LICENSE can be removed, we only need to package the license file once and that is done at the root of the package (well, technically it's in all the Composer libraries as well, but that is because it is the license for that dependency).

The license.php file is miles out of date (the first license in there is the xml-rpc library which we haven't used since 1.5) - is this something we need to bundle (i'm not sure we do?) and if so then we should use this PR to update it

installation/LICENSES.php should be updated. This file contains the full text of all licenses of software used and distributed with the production builds. I am not aware if it is a legal requirement to distribute this file, but I do think it is fair to provide a quick reference to the licenses of all software which are distributed as dependencies of the CMS production package (this means the license for anything that is a development dependency, i.e. PHPUnit, can be excluded). It should be noted that each Composer installed library also includes the repository's license file.

The below is a list of licenses from our production dependencies installed via Composer, it seems all applicable licenses are covered by that file already:

Michaels-Mac-mini:joomla-cms mbabker$ composer licenses
Name: joomla/joomla-cms
Version: dev-staging
Licenses: GPL-2.0+
Dependencies:

Name                       Version  License       
ircmaxell/password-compat  v1.0.4   MIT           
joomla/application         1.7.0    GPL-2.0+      
joomla/compat              1.2.0    GPL-2.0+      
joomla/data                1.2.0    GPL-2.0+      
joomla/di                  1.3.1    GPL-2.0+      
joomla/event               1.2.0    GPL-2.0+      
joomla/filter              1.3.2    GPL-2.0+      
joomla/input               1.2.0    GPL-2.0+      
joomla/ldap                1.1.2    GPL-2.0+      
joomla/registry            1.5.2    GPL-2.0+      
joomla/session             1.3.3    GPL-2.0+      
joomla/string              1.4.1    GPL-2.0+      
joomla/uri                 1.1.1    GPL-2.0+      
joomla/utilities           1.4.1    GPL-2.0+      
leafo/lessphp              v0.5.0   MIT, GPL-3.0  
paragonie/random_compat    v1.4.2   MIT           
phpmailer/phpmailer        v5.2.23  LGPL-2.1      
psr/log                    1.0.2    MIT           
simplepie/simplepie        1.3.1    BSD-3-Clause  
symfony/polyfill-php55     v1.3.0   MIT           
symfony/polyfill-php56     v1.3.0   MIT           
symfony/polyfill-util      v1.3.0   MIT           
symfony/yaml               v2.8.20  MIT           

We just need to cover our non-Composer dependencies and media assets now (we'll need the text of the Apache license at a minimum as that is what Bootstrap 2.3 is released under).

Unless someone from the TM/Legal teams wants to comment further, there should be nothing else to add other than acting on my responses to George's earlier concerns.

@mbabker for the js (in J4) we have full control over the licenses ( each one is included in the /vendor/name/license.txt) but we also have control over their package.json so we can extract the license type etc. Let me know what is needed and I'll come up with some code