Bug#736360: lintian: do not warn about doxygen embedding jquery
found 736360 2.5.60 thanks Hi, > it seems that this correctly fixed for library embedding, but not for source- > missing: > > E: libimobiledevice source: source-is-missing docs/html/jquery.js line length > is 32402 characters (>512) Re-opening to track this properly. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#736360: lintian: do not warn about doxygen embedding jquery
On Wed, 22 Jan 2014 19:32:19 +0100 Helmut Grohne wrote: > Package: lintian > Version: 2.5.2 > Severity: normal > > Dear Maintainers, > > Please stop warning about jquery.js as embedded by Doxygen. I evaluated > all options at fixing this issue in Doxygen and conclude that a fix is > infeasible and its usefulness is limited. The issue and the problems > about fixing it are documented in /usr/share/doc/doxygen/README.jquery > (in the doxygen package >= jessie). Even if there were a security issue > in jquery, it will likely not affect any user via Doxygen. > > For detection I suggest to look for doxygen.png and doxygen.css. If both > are present, the jquery warning should be suppressed. Hi, it seems that this correctly fixed for library embedding, but not for source- missing: E: libimobiledevice source: source-is-missing docs/html/jquery.js line length is 32402 characters (>512) I think the same exception should be done for this tag. Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part
Bug#736360: lintian: do not warn about doxygen embedding jquery
tags 736360 + pending thanks Fixed in Git: https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=3d58ecb4d542530c8ba2a2a6d6ccb4f5246ede0b Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#736360: lintian: do not warn about doxygen embedding jquery
On Sat, Feb 08, 2014 at 11:03:13PM +0100, Jakub Wilk wrote: > >Do you happen to have an alternative proposal in mind? > > Well, the simpler alternative is to make doxygen use unminified JS. I am not yet entirely convinced about the "simpler" yet. Thanks for the suggestion anyway. Upstream goes to great lengths to make using unminified JS hard. There is this jquery/split_jquery.pl script, that hacks jquery pieces of 1<<15 bytes. Of course the number of pieces is hard coded as 3 in various places. Even in the best case the file ending up in generated documentation as "jquery.js" is a compilation (concatenation) of various libraries. So it might not count as source either. To actually ship unminified JS, an alternative might be to replace the code that creates jquery.js with a file copy operation and shipping the JS outside the doxygen binary. There is a drafted patch for this variant at http://bugs.debian.org/736432#5. In any case simple is not an attribute of the process. Helmut -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#736360: lintian: do not warn about doxygen embedding jquery
* Helmut Grohne , 2014-02-03, 13:33: Security is not the only issue here. jquery.js created by Doxygen is minified, so there's a risk that we ship it without source. Thanks for highlighting the issue. Fortunately we already have a tool to work around this issue. It is called Built-Using. Last time I checked whether (dh_)doxygen should be simplifying the process of adding the Built-Using headers, I achieved no consensus on the value of such a change and discussion on what Built-Using is supposed to mean was still ongoing. If there is consensus now, we can use that tool to address this particular issue. Do you think that this would adequately address the availability of source? Yes. Do you happen to have an alternative proposal in mind? Well, the simpler alternative is to make doxygen use unminified JS. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#736360: lintian: do not warn about doxygen embedding jquery
On Mon, Feb 03, 2014 at 12:39:10PM +0100, Jakub Wilk wrote: > Security is not the only issue here. jquery.js created by Doxygen is > minified, so there's a risk that we ship it without source. Thanks for highlighting the issue. Fortunately we already have a tool to work around this issue. It is called Built-Using. Last time I checked whether (dh_)doxygen should be simplifying the process of adding the Built-Using headers, I achieved no consensus on the value of such a change and discussion on what Built-Using is supposed to mean was still ongoing. If there is consensus now, we can use that tool to address this particular issue. Do you think that this would adequately address the availability of source? Do you happen to have an alternative proposal in mind? Helmut -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#736360: lintian: do not warn about doxygen embedding jquery
* Helmut Grohne , 2014-01-22, 19:32: Please stop warning about jquery.js as embedded by Doxygen. I evaluated all options at fixing this issue in Doxygen and conclude that a fix is infeasible and its usefulness is limited. The issue and the problems about fixing it are documented in /usr/share/doc/doxygen/README.jquery (in the doxygen package >= jessie). Even if there were a security issue in jquery, it will likely not affect any user via Doxygen. Security is not the only issue here. jquery.js created by Doxygen is minified, so there's a risk that we ship it without source. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#736360: lintian: do not warn about doxygen embedding jquery
Package: lintian Version: 2.5.2 Severity: normal Dear Maintainers, Please stop warning about jquery.js as embedded by Doxygen. I evaluated all options at fixing this issue in Doxygen and conclude that a fix is infeasible and its usefulness is limited. The issue and the problems about fixing it are documented in /usr/share/doc/doxygen/README.jquery (in the doxygen package >= jessie). Even if there were a security issue in jquery, it will likely not affect any user via Doxygen. For detection I suggest to look for doxygen.png and doxygen.css. If both are present, the jquery warning should be suppressed. Note that some maintainers have started replacing jquery.js in response to the lintian tag. Unfortunately what is named jquery.js does not only contain jquery. Thus some generated documentation is now broken. I would like lintian to error out if jquery.js of Doxygen-generated documentation is a symbolic link to the jquery package. Do you need a separate bug number for this? Thanks Helmut -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
