Package: lintian Version: 2.5.31 I've got a package which now generates its documentation with the recently packaged mkdocs.
With mkdocs' default theme, I get tons of privacy-breach-* warnings. (I wonder if that's worth a bug report against mkdocs.) Luckily if I switch to the included readthedocs theme, I only get one (theme-related) privacy-breach-* warning for <link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'> But the generated documentation still has code which may validate a privacy-breach-* warning, too: <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script> <script src="//cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js"></script> The interesting point and the reason why there's a "maybe" in the title of this bug report is that the actual protocol is missing. This is a common but widely unknown trick to avoid mixed http/https contents. So IMHO this clearly is a privacy breach if such a documentation is read via a webserver running on localhost (e.g. via the dwww package). But if such documentation is only read via some file:///usr/share/doc/ URL, I doubt that these URLs without protocol will work as they are bound to use the same protocol as the page they're on. Which is neither http nor https in this case. So depending on the way the documentation is read, it is a privacy breach or not: * If the way the documentation is read does not matter if something counts as privacy breach, then lintian should warn about such kind of external resources being included. * If privacy breaches only matter for documentation directly read from the disc without network interaction being expected, not even via localhost, then feel free to close this bug report without a fix. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'buildd-unstable'), (400, 'stable'), (110, 'experimental'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-trunk-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages lintian depends on: ii binutils 2.25-7 ii bzip2 1.0.6-8 ii diffstat 1.58-1 ii file 1:5.22+15-2 ii gettext 0.19.4-1 ii hardening-includes 2.7 ii intltool-debian 0.35.0+20060710.2 ii libapt-pkg-perl 0.1.29+b2 ii libarchive-zip-perl 1.39-1 ii libclass-accessor-perl 0.34-1 ii libclone-perl 0.37-1+b1 ii libdigest-sha-perl 5.95-2 ii libdpkg-perl 1.18.0 ii libemail-valid-perl 1.195-1 ii libfile-basedir-perl 0.03-1 ii libipc-run-perl 0.94-1 ii liblist-moreutils-perl 0.410-1 ii libparse-debianchangelog-perl 1.2.0-1.1 ii libtext-levenshtein-perl 0.12-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.64-1 ii man-db 2.7.0.2-5 ii patchutils 0.3.4-1 ii perl [libdigest-sha-perl] 5.20.2-6 ii t1utils 1.38-4 ii xz-utils 5.1.1alpha+20120614-2+b3 Versions of packages lintian recommends: ii dpkg 1.18.0 ii libautodie-perl 2.25-1 ii libperlio-gzip-perl 0.18-3+b1 ii perl 5.20.2-6 ii perl-modules [libautodie-perl] 5.20.2-6 Versions of packages lintian suggests: ii binutils-multiarch 2.25-7 ii dpkg-dev 1.18.0 ii libhtml-parser-perl 3.71-1+b3 ii libtext-template-perl 1.46-1 ii libyaml-perl 1.13-1 -- no debconf information -- To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/871tiahnw1....@kiva6.ethz.ch