-----BEGIN PGP SIGNED MESSAGE-----
On 07/10/16 15:44, Frederic Bonnard wrote:
> Thanks Benoit for all the documentation work.
> The package looks good to me.
> Good catch for the audio link ; indeed lintian does not seem to handle <audio>
> element (I sent a patch : https://bugs.debian.org/840009 )
> As a side node, I'd advise you consider (report from check-all-the-things
> tool) :
> - adding some upstream metadata: https://wiki.debian.org/UpstreamMetadata
I added a d/u/metadata file.
> - asking upstream to sign their release (debian-watch-may-check-gpg-signature)
> : https://wiki.debian.org/Creating%20signed%20GitHub%20releases
The source tarball is fetched from a debian URL.
> I still have to follow those advises for my packages :)
The list is rather long, and I guess that it must be considered with distance:
> On Fri, 7 Oct 2016 00:58:08 +0100, Jerome BENOIT <calcu...@rezozer.net> wrote:
> On 05/10/16 13:26, Frederic Bonnard wrote:
>>>> Thanks Benoit/Ghislain,
>>>> indeed with experimental archive it's much better :)
>>>> my last point would be about privacy-breach-generic lintian.
>>>> You overrided it with :
>>>> N: The involved links are meant to illustrate URL examples, so it is
>>>> N: to bring the involved material in a local folder.
>>>> I agree that bringing stuff locally (as it is advised in the lintian
>>>> description) is useless when the goal is to show the code for how to embed
>>>> content of remote images/videos URLs.
>>>> Though I still think there's a breach, as loading the documentation makes
>>>> on, which
>>>> is originally the reason of this lintian definition (or let me know if I'm
>>>> Even if you point to DFSG-free ressources, you'll have your browser that
>>>> will still
>>>> connect outside, and that's the issue in my understanding.
>>>> I've been thinking about this and reading your discussion with Paul Wise,
>>>> I came to the following idea : why not changing after generation the html
>>>> (sed...) :
>>>> For images :
>>>> -<img src="https://www.python.org/static/img/python-logo-large.png"/></div>
>>>> +<img src="about:blank" alt="This image :
>>>> https://www.python.org/static/img/python-logo-large.png should be
>>>> displayed, but it got removed because of
>>>> and for the embedded video :
>>>> - src="https://www.youtube.com/embed/WAikxUGbomY"
>>>> + src="about:blank"
>>>> + srcdoc="This video : https://www.youtube.com/embed/WAikxUGbomY should
>>>> be displayed, but it got removed because of
>>>> That way, you'll keep the source code example clean, and despite the fact
>>>> the html
>>>> is modified, the user reading the documentation will still understand the
>>>> example, what
>>>> it should do, what is displayed and altered and why.
>>>> Ok the documentation html code is modified but the goal of the doc is to
>>>> the idea of the use (source code) and visual result (rather than html
>>>> output that got modified)
>>>> I also thought of playing with Content-Security-Policy in <meta> of the
>>>> document to block
>>>> all outside connections but, I'm not sure all browser implement this
>>>> It's also less understable for the reader to understand why things
>>>> disappeared (except
>>>> if this "framework" have information facilities). But it would be very
>>>> good to fix
>>>> all the privacy-breach-generic in a general manner.
> When I wrote the lintian override, I have in mind beside the HTML output the
> ipynb input,
> only the former is taken into account by lintian.
> Meanwhile, I relized that lintian was not able to point out an audio
> Anyway, I brought the suggested material. The hard part was the refreshment
> of the debian/copyright file:
> it is getting large.
> I hope the package is fine now.
Jerome BENOIT | calculus+at-rezozer^dot*net
AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----