On Sat, Aug 11, 2018 at 10:12:03AM +0200, Markus Koschany wrote: > FTR: I have talked to Matthias Klose (doko) at DebConf18 about the > embedding of jquery into javadoc packages. He pointed me to a similar > discussion in doxygen which also embeds jquery while building doc packages. > > In short he doesn't consider it to be a worthwhile task because there is > a risk of breaking the documentation when Debian's system jquery version > is either too old or too new. The security risk of embedding jquery is > also rather low in this case because the documentation is static in > contrast to web applications and it is unlikely that users would be > affected by jquery vulnerabilities. > > README.jquery in doxygen explains the problem in more detail. > > https://sources.debian.org/src/doxygen/1.8.13-10/debian/README.jquery/ > > All in all there is no chance that a patch to change the current > situation would be accepted, hence I no longer intend to spend time on it.
Hi Markus, I'm glad that you were able to discuss this directly with Matthias, and thank you for sharing the gist of that conversation. For our sanity, I will take a look to see if we can get the severity of the lintian warning [1] reduced to some lower level (pedantic?) or completely ignored for javadoc packages. Cheers, tony [1] https://lintian.debian.org/tags/embedded-javascript-library.html
signature.asc
Description: PGP signature
