Bug#874593: wims: no certificate check in the build rules

2017-11-18 Thread Georges Khaznadar
Dear Marc,

I put your e-mail on the heap some time ago, thinking that it was a
message coming from the bug reports against upstream developers of Wims.

Then I reopened it today, and saw that the bug report is about the
Debian package.

I agree with you, "wget --no-check-certificate" is not a good way to
build any package. However the Debian package is not built by that
script (if that script was activated, the package build would certainly
fail in the environment used to create official packages, since there is
no network access for the build routine).

Currently, MathJax support is silently dropped out, since Wims outputs
most of the math expressions either as PNG images or MATHML embedded
expressions, depending on the end user's preference. Dropping mathml has
little consequence for Wims' usability.

I shall close the bug report.

Best regards,   Georges.

Marc Chantreux wrote:
> Source: wims
> Severity: important
> 
> Dear Maintainer,
> 
> in the wims/compile (line 44), you don't seem to test any sum and you
> ignore the certificate.
> 
> wget --no-check-certificate http://github.com/mathjax/MathJax/zipball/$vmathjax-latest
> 
> well ... this frightens me as potential user with security concerns
> and I hope this report can help you to make things more trustable.
> 
> 
> -- System Information:
> Debian Release: 9.1
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
> LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)

-- 
Georges KHAZNADAR et Jocelyne FOURNIER
22 rue des mouettes, 59240 Dunkerque France.
Téléphone +33 (0)3 28 29 17 70




Bug#874593: wims: no certificate check in the build rules

2017-09-07 Thread Marc Chantreux
Source: wims
Severity: important

Dear Maintainer,

in the wims/compile (line 44), you don't seem to test any sum and you
ignore the certificate.

wget --no-check-certificate http://github.com/mathjax/MathJax/zipball/$vmathjax-latest

well ... this frightens me as potential user with security concerns
and I hope this report can help you to make things more trustable.


-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
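
The report above names two gaps in the fetch at wims/compile line 44: the certificate is ignored and no checksum is tested. The following is an added example, not code from wims or from either correspondent, showing one way a build step can close both; it assumes a POSIX shell with wget and sha256sum, and the helper names, URL and digest are placeholders chosen here.

```shell
#!/bin/sh
# Added example (not from wims): fetch a build input over verified HTTPS and
# accept it only if it matches a SHA-256 digest pinned in the build script.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_sha256 FILE EXPECTED_HEX: status 0 only when the digests are equal.
verify_sha256() {
    actual=$(sha256_of "$1") || return 1
    # An empty digest (unreadable file) never counts as a match.
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# fetch_pinned URL EXPECTED_HEX OUTFILE (hypothetical helper name).
# Status: 0 ok, 2 bad arguments, 3 download/TLS failure, 4 digest mismatch.
fetch_pinned() {
    url=$1 expected=$2 out=$3
    case $url in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
    esac
    case $expected in
        *[!0-9a-f]*) echo "digest must be lowercase hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex digits" >&2; return 2; }
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # No --no-check-certificate: wget validates the server certificate by default.
    if ! wget --quiet -O "$tmp" "$url"; then
        rm -f "$tmp"; return 3
    fi
    # The archive is moved into place only after its digest has been checked.
    if ! verify_sha256 "$tmp" "$expected"; then
        echo "checksum mismatch for $url" >&2
        rm -f "$tmp"; return 4
    fi
    mv "$tmp" "$out"
}

# Usage in a build script (URL and digest below are placeholders):
#   fetch_pinned "https://example.org/MathJax.zip" "<64-hex-digit digest>" mathjax.zip || exit 1
```

The pinned digest has to be recorded from a copy the maintainer has inspected and then committed alongside the build script, so a changed upstream archive fails the build instead of being picked up silently.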