Package: powertop
Version: 2.0-0.2
Severity: normal

The html output generated by powertop includes a reference to
http://ajax.googleapis.com/.  

Some debian environments may have a local debian mirror, but be unable
to access the larger internet; other debian users may not want to
"phone home" to an outside server when viewing their powertop results;
other people may be concerned that the cleartext http access provides
a way for an attacker in control of their network to send modified
javascript to the web browser and potentially leak or modify the
contents of the report as it is being viewed.

For all of these reasons, it makes more sense for powertop on debian
to rely on libjs-jquery for its output file, instead of linking to
external media.

I see two approaches, both of which might mean that powertop should
Suggest: libjs-jquery:

 0) just replace the link
    "http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"
    with "file:///usr/share/javascript/jquery/jquery.min.js"

 1) If libjs-jquery is installed, inject the contents of
    /usr/share/javascript/jquery/jquery.min.js into the generated
    output.  If libjs-jquery is not installed, replace the link as in
    approach 0 above.

Approach 1 provides for a single viewable-anywhere output file (which
might be nice for viewing it off of the machine it was run on), but
would require a slightly more invasive patch.

Thanks for maintaining powertop in debian,

         --dkg

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages powertop depends on:
ii  libc6             2.13-37
ii  libgcc1           1:4.7.2-4
ii  libncursesw5      5.9-10
ii  libnl-3-200       3.2.7-4
ii  libnl-genl-3-200  3.2.7-4
ii  libpci3           1:3.1.9-5
ii  libstdc++6        4.7.2-4
ii  libtinfo5         5.9-10
ii  zlib1g            1:1.2.7.dfsg-13

powertop recommends no packages.

Versions of packages powertop suggests:
ii  cpufrequtils       008-1
ii  laptop-mode-tools  1.61-1

-- no debconf information
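
The two approaches from the report, sketched as a post-processing step over a generated report file. This is an added example, not part of the original report and not powertop's or Debian's patch. The function names and the assumed shape of the `<script>` tag are hypothetical; the URL and the libjs-jquery path are the ones quoted in the report.

```python
import os
import re

# URL and local path are the ones quoted in the bug report.
REMOTE = "http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"
LOCAL = "/usr/share/javascript/jquery/jquery.min.js"

# Assumption: the report loads jQuery with a plain <script src="..."></script> tag.
SCRIPT_TAG = re.compile(
    r'<script\b[^>]*\bsrc=["\']' + re.escape(REMOTE) + r'["\'][^>]*>\s*</script>',
    re.IGNORECASE,
)
# Any script still fetched over the network (http, https or protocol-relative).
REMOTE_SRC = re.compile(r'<script\b[^>]*\bsrc=["\']((?:https?:)?//[^"\']+)', re.IGNORECASE)


def localize_jquery(html, local_path=LOCAL):
    """Return (new_html, mode); mode is 'inlined', 'linked' or 'unchanged'."""
    if not SCRIPT_TAG.search(html):
        return html, "unchanged"
    if os.path.isfile(local_path):
        # Approach 1: embed the packaged library so the report is self-contained.
        with open(local_path, encoding="utf-8") as fh:
            js = fh.read()
        # A literal "</script" inside the library would end the inline element early.
        js = re.sub(r"</(script)", r"<\\/\1", js, flags=re.IGNORECASE)
        tag = '<script type="text/javascript">\n' + js + "\n</script>"
        mode = "inlined"
    else:
        # Approach 0: point at the path libjs-jquery would install.
        tag = '<script type="text/javascript" src="file://' + local_path + '"></script>'
        mode = "linked"
    # A function replacement keeps backslashes in the JavaScript from being
    # interpreted as regex group references.
    return SCRIPT_TAG.sub(lambda _m: tag, html), mode


def remote_scripts(html):
    """List script URLs the page would still fetch over the network."""
    return REMOTE_SRC.findall(html)


if __name__ == "__main__":
    # Constructed sample, not real powertop output.
    sample = '<head><script type="text/javascript" src="' + REMOTE + '"></script></head>'
    print(remote_scripts(sample))
    print(localize_jquery(sample)[1])
```

Running `remote_scripts` on the rewritten report gives a quick check that no network-loaded script reference remains.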

