-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello All,
On 07/10/16 15:44, Frederic Bonnard wrote: > Thanks Benoit for all the documentation work. > The package looks good to me. > Good catch for the audio link ; indeed lintian does not seem to handle <audio> > element (I sent a patch : https://bugs.debian.org/840009 ) > > As a side node, I'd advise you consider (report from check-all-the-things > tool) : > - adding some upstream metadata: https://wiki.debian.org/UpstreamMetadata I added a d/u/metadata file. > - asking upstream to sign their release (debian-watch-may-check-gpg-signature) > : https://wiki.debian.org/Creating%20signed%20GitHub%20releases The source tarball is fetched from a debian URL. > I still have to follow those advises for my packages :) The list is rather long, and I guess that it must be considered with distance: Thanks, Jerome > > F. > > On Fri, 7 Oct 2016 00:58:08 +0100, Jerome BENOIT <calcu...@rezozer.net> wrote: > Hello, > > On 05/10/16 13:26, Frederic Bonnard wrote: >>>> Thanks Benoit/Ghislain, >>>> indeed with experimental archive it's much better :) >>>> >>>> Benoit, >>>> my last point would be about privacy-breach-generic lintian. >>>> You overrided it with : >>>> -- >>>> N: The involved links are meant to illustrate URL examples, so it is >>>> meaningless >>>> N: to bring the involved material in a local folder. >>>> -- >>>> >>>> I agree that bringing stuff locally (as it is advised in the lintian >>>> description) is useless when the goal is to show the code for how to embed >>>> content of remote images/videos URLs. >>>> Though I still think there's a breach, as loading the documentation makes >>>> your >>>> browser connect to the internet, load images but also javascripts and so >>>> on, which >>>> is originally the reason of this lintian definition (or let me know if I'm >>>> wrong). >>>> Even if you point to DFSG-free ressources, you'll have your browser that >>>> will still >>>> connect outside, and that's the issue in my understanding. >>>> >>>> I've been thinking about this and reading your discussion with Paul Wise, >>>> I came to the following idea : why not changing after generation the html >>>> (sed...) : >>>> >>>> For images : >>>> --- >>>> -<img src="https://www.python.org/static/img/python-logo-large.png"/></div> >>>> +<img src="about:blank" alt="This image : >>>> https://www.python.org/static/img/python-logo-large.png should be >>>> displayed, but it got removed because of >>>> https://lintian.debian.org/tags/privacy-breach-generic.html." >>>> --- >>>> >>>> and for the embedded video : >>>> >>>> --- >>>> <iframe >>>> width="400" >>>> height="300" >>>> - src="https://www.youtube.com/embed/WAikxUGbomY" >>>> + src="about:blank" >>>> frameborder="0" >>>> allowfullscreen >>>> + srcdoc="This video : https://www.youtube.com/embed/WAikxUGbomY should >>>> be displayed, but it got removed because of >>>> https://lintian.debian.org/tags/privacy-breach-generic.html." >>>> ></iframe></div> >>>> --- >>>> >>>> That way, you'll keep the source code example clean, and despite the fact >>>> the html >>>> is modified, the user reading the documentation will still understand the >>>> example, what >>>> it should do, what is displayed and altered and why. >>>> Ok the documentation html code is modified but the goal of the doc is to >>>> get >>>> the idea of the use (source code) and visual result (rather than html >>>> output that got modified) >>>> I also thought of playing with Content-Security-Policy in <meta> of the >>>> document to block >>>> all outside connections but, I'm not sure all browser implement this >>>> correctly. >>>> It's also less understable for the reader to understand why things >>>> disappeared (except >>>> if this "framework" have information facilities). But it would be very >>>> good to fix >>>> all the privacy-breach-generic in a general manner. > > > When I wrote the lintian override, I have in mind beside the HTML output the > ipynb input, > only the former is taken into account by lintian. > Meanwhile, I relized that lintian was not able to point out an audio > privacy-breatch.. > > Anyway, I brought the suggested material. The hard part was the refreshment > of the debian/copyright file: > it is getting large. > > I hope the package is fine now. > > Thanks, > Jerome > > > >>>> >>>> >>>> F. >>>> > >> > - -- Jerome BENOIT | calculus+at-rezozer^dot*net https://qa.debian.org/developer.php?login=calcu...@rezozer.net AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B -----BEGIN PGP SIGNATURE----- iQQcBAEBCgAGBQJYAvtEAAoJED+SGaZ/NsaLQTcgAIidYx0jfYBJ4qI+Kn55DnzQ 1vztDzW0Wiq7OzkEe+R5C8miAp+KX4y7yOQVLGXkGdJDDFL1aK/lWi+DR6swLndx 4+DACxTQIC7lMz2wiyz4pggU0UTFOUEAoms2CdU9HJnCYPZmRP5PDIoV/dOSdX1J ugFxSutqE71POO1llLS8eJ1s0c3av+8StEhF5SkunzdTsBa5QFdRwPw0eTtEA9gG HtYKgzatgyxWAtHc3ljF2ZGdHou7Tp1z62uRwPWE1PjMSHV0x2EH1Yi2DjlaMD89 PrDJ/BxqJSVAF7h3HH3lxo1zCofwny/NZAVbIAgcG5Ta0WFG/2QB5eotdxiNRAdC UcO2yrwD1cCu6KX3llsClOZDfvvSQWeiokGzEeN+4Fx+9dpGDx+hNbCd/KtrtV2q vjmzmXi9wrcD6Kv99yAMp8hZPr4H1f/tRgRnQkPlfFha77U+GhNyrj0yGkd3FnKe oltraIfcxYkfRSXa6wA0co2fuWubB241kfEFSAftD/wUO214G9oCq5USIx2ipL/J yuCKdPSLZvUbGKoAxW9lXnw4k6h8PRlVPFp6qzYDvXGTfKyUAKGj6o6Cqhze2m9t mJefjU351Ov9BuCF2/NfwqpnS4eFqmAKr/yI2GvI8WJRjlYHhrTLrIR4oOC2lxvZ Of4yWY3W7Sx7H1O/N6nKJ2G3Xa/qMvSSFOzoI1wX/qPtUmeo4cYH9G+pTqMhPFLI blxKwIOUXNt4g/qBW38sEBNftBQw0RN6aPzqTtxEy7kcpE+3lBUn95mzwgaF6mC1 BFmOLnkS1ZQGQNCiMHGF3IOBQooYXW073CBU1IvAfGaTx8RbvnJyq/skqsKd1gWm sX4NZ/6n/PG6QPGv/BnN3kaOV5Ai8aA5SZJazMddUYfDnfib6VyZ9zr+ZRS+12zZ cookYrwiUMuICL0gGYoJrnQbdFRPHPr3p9Hr+V1noDG0HVNA5U54TIPesEROkzLa jTFqVsa0xsLf3YCqwqcjmE17a+J8/wCdYuzp5zUfcIkkaJebIqeAShZoMgyUgJtR hS0xOlQGe0WTiYAbV+ESWQYirU0JOSwTgi4W3guCHHinDRDRe/O6QFaKLi6XkDzn Fa79adthEf3uKRkPA12WVvgm0X+k3oXwR3S6VS8S9lXr2CPuefH+8GfVdvRygXj9 TWQIdS4P02MKVr8HxEujysUPFfizR84NwRuVl0/JatqwQfOG0zzU9TiCzfUFyAlf 78g+5CDa7itLckr1703bnBLQN+i4zlDNGJ6MpTX9RUC2SehhZERFkHD7sO9kTHIB xSAKYnlw1JXmD1AYFhVEojrgQv8h+QQyrZf1Z/AG3BefiIbgEHe7xr4rybPiSnc= =sE17 -----END PGP SIGNATURE-----