Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-26 Thread Russ Allbery 
Paul Wise  writes:

> Personally whenever I see this tag or this issue on upstream websites I
> will encourage them to either just drop GA or use piwik instead if they
> actually need what GA provides. I encourage everyone else on this list
> to do the same.

If we could manage to get piwik packaged for Debian, it would make this
easier to do (not to mention help out at my day job).

See:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448532

for some of the history.  I believe there are remaining non-free source
file issues (which may be fixable through simply repackaging upstream).

-- 
Russ Allbery (r...@debian.org)   


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87eh4z3rrb@windlord.stanford.edu

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-26 Thread Paul Wise 
On Thu, 2013-12-26 at 13:00 -0500, Andrew Starr-Bochicchio wrote:

> What exactly are you proposing? At least for Sphinx, and I imagine
> other tools, things like adsense aren't automatically injected into
> the html. The author must explicitly add this stuff into the template.
> I agree that we don't want package documentation in Debian to be
> calling home, but if someone using Sphinx as a static webpage
> generator wants to add Google Analytics to their site I don't see why
> Debian should have a position on that. I certainly don't see Sphinx
> upstream adding any code to automatically strip out such things. In
> fact, Sphinx Contrib contains a Google Analytics plugin that makes it
> easier to add the snippet to the generated files. It also adds a
> 'google_analytics' option to  conf.py which can be set to False to
> disable adding the snippet.

Thoughts:

Google Analytics is non-free JavaScript running in user's browsers and
non-free code running on Google servers. As promoters of software and
user freedom I think this provides a solid reason for us to encourage
upstreams to just drop GA or switch a libre alternative solution like
piwik if they need to analyse website visitor traffic.

Asking website visitors to report themselves to one of the larger
commercial surveillance and advertising networks in the world isn't a
particularly friendly thing to do. Most web browsers will blindly load
GA so in practice this is actually forcing most website visitors to
report to Google. Surveillance isn't good for user freedom so I think
this provides another reason to encourage upstreams to drop GA.

Personally whenever I see this tag or this issue on upstream websites I
will encourage them to either just drop GA or use piwik instead if they
actually need what GA provides. I encourage everyone else on this list
to do the same. I also encourage people to consider disabling JavaScript
in your browser by default. As the Tor/Firefox attacks (CVE-2013-1690)
showed, this is a good idea anyway.

> Maybe we should package this for Debian and encourage its use for
> people wanting to use GA. That way we'd only need a one line patch to
> conf.py rather than some script parsing all the html.

That sounds like a good idea.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-26 Thread Paul Tagliamonte 
On Thu, Dec 26, 2013 at 01:00:56PM -0500, Andrew Starr-Bochicchio wrote:
> What exactly are you proposing? At least for Sphinx, and I imagine
> other tools, things like adsense aren't automatically injected into
> the html.

Erm, my memory officially sucks. I was confusing Sphinx with
readthedocs, it's a config option there, and for some reason I thoguht
it was a config option for Sphinx.

Ignore that last mail.

Cheers,
  Paul

-- 
 .''`.  Paul Tagliamonte   |   Proud Debian Developer
: :'  : 4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
`. `'`  http://people.debian.org/~paultag
 `- http://people.debian.org/~paultag/conduct-statement.txt


signature.asc
Description: Digital signature

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-26 Thread Andrew Starr-Bochicchio 
On Wed, Dec 25, 2013 at 7:06 PM, Paul Tagliamonte  wrote:
> On Thu, Dec 26, 2013 at 07:26:37AM +0800, Paul Wise wrote:
>> On Thu, Dec 26, 2013 at 4:57 AM, Jerome BENOIT wrote:
>>
>> > is there a proper way to get rid of the recent
>> > privacy-breach-google-adsense Lintian violation/error report [1] ?
>>
>> Same as with every issue in upstream code, report it to upstream and
>> get them to fix it, sending a patch if you are able. That way Debian
>> helps the free software community as a whole, which we promised to do
>> in our social contract:
>>
>> http://www.debian.org/social_contract
>
> I tend to agree. However, what would be doubleplusgood would be to get
> the tools like sphinx, doxygen, and friends to not insert the code when
> we're building a .deb - perhaps we should look at killing this bug in
> generated code by forcing the generated code to suck less.

What exactly are you proposing? At least for Sphinx, and I imagine
other tools, things like adsense aren't automatically injected into
the html. The author must explicitly add this stuff into the template.
I agree that we don't want package documentation in Debian to be
calling home, but if someone using Sphinx as a static webpage
generator wants to add Google Analytics to their site I don't see why
Debian should have a position on that. I certainly don't see Sphinx
upstream adding any code to automatically strip out such things. In
fact, Sphinx Contrib contains a Google Analytics plugin that makes it
easier to add the snippet to the generated files. It also adds a
'google_analytics' option to  conf.py which can be set to False to
disable adding the snippet.

Maybe we should package this for Debian and encourage its use for
people wanting to use GA. That way we'd only need a one line patch to
conf.py rather than some script parsing all the html.

Thanks,

-- Andrew Starr-Bochicchio

   Ubuntu Developer 
   Debian Developer 
   PGP/GPG Key ID: D53FDCB1


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAL6k_AwvU=cttrw+o6q9eppx2r+4urnah+xv6jpdwji4v-i...@mail.gmail.com

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Paul Tagliamonte 
On Thu, Dec 26, 2013 at 07:26:37AM +0800, Paul Wise wrote:
> On Thu, Dec 26, 2013 at 4:57 AM, Jerome BENOIT wrote:
> 
> > is there a proper way to get rid of the recent
> > privacy-breach-google-adsense Lintian violation/error report [1] ?
> 
> Same as with every issue in upstream code, report it to upstream and
> get them to fix it, sending a patch if you are able. That way Debian
> helps the free software community as a whole, which we promised to do
> in our social contract:
> 
> http://www.debian.org/social_contract

I tend to agree. However, what would be doubleplusgood would be to get
the tools like sphinx, doxygen, and friends to not insert the code when
we're building a .deb - perhaps we should look at killing this bug in
generated code by forcing the generated code to suck less.

Much love, 
  Paul


-- 
 .''`.  Paul Tagliamonte   |   Proud Debian Developer
: :'  : 4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
`. `'`  http://people.debian.org/~paultag
 `- http://people.debian.org/~paultag/conduct-statement.txt


signature.asc
Description: Digital signature

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Jerome BENOIT 
Hi,

On 26/12/13 00:26, Paul Wise wrote:
> On Thu, Dec 26, 2013 at 4:57 AM, Jerome BENOIT wrote:
> 
>> is there a proper way to get rid of the recent
>> privacy-breach-google-adsense Lintian violation/error report [1] ?
> 
> Same as with every issue in upstream code, report it to upstream and
> get them to fix it, sending a patch if you are able.

Indeed, I would send a patch, hence my query.
I guess I was also confused by the nature of the issue.

 That way Debian
> helps the free software community as a whole, which we promised to do
> in our social contract:
> 
Totally agree.

> http://www.debian.org/social_contract
> 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52bb724e.5030...@rezozer.net

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Paul Wise 
On Thu, Dec 26, 2013 at 4:57 AM, Jerome BENOIT wrote:

> is there a proper way to get rid of the recent
> privacy-breach-google-adsense Lintian violation/error report [1] ?

Same as with every issue in upstream code, report it to upstream and
get them to fix it, sending a patch if you are able. That way Debian
helps the free software community as a whole, which we promised to do
in our social contract:

http://www.debian.org/social_contract

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAKTje6F3CxF5ePptF_Z0Ord3F1K84Tzn+ys=v2=qpqgjttf...@mail.gmail.com

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Jerome BENOIT 
Thanks for the hints and the scripts.
I am on my way to update my package.

On 25/12/13 22:46, Bastien ROUCARIES wrote:
> On Wed, Dec 25, 2013 at 10:41 PM, Bastien ROUCARIES
>  wrote:
>> On Wed, Dec 25, 2013 at 10:20 PM, Jerome BENOIT  
>> wrote:
>>> Hi,
>>>
>>> On 25/12/13 22:04, Dominik George wrote:
 Hi,

> is there a proper way to get rid of the recent
> privacy-breach-google-adsense Lintian violation/error report [1] ?

 obviously, remove all Adsense and related spyware fetching code from
 your package.
>>>
>>> Obviously, but the problem is that the involved html pages correspond to
>>> the manual of my package so it sounds not reasonable to wipe them out:
>>> is there any tools that may help to clean up the corrupted html pages ?
>>
>> For imagemagick I use this. Note that your html document should be
>> valid before doing this.
> 
> Use it like this
> 
> override_dh_auto_install-indep:
> # now apply privacy cleanning rules
> find $(CURDIR)/debian/tmp-indep/usr/share/doc/imagemagick-doc \
>  -maxdepth 2 -type f -and -name '*.html' -and -not -empty -print0 
> \
>  | xargs -r -0 -n 1 debian/scripts/removeprivacybreach
> 
>>
>>> Thanks in advance,
>>> Jerome
>>>

 Cheers,
 Nik

>>>
>>>
>>> --
>>> To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
>>> with a subject of "unsubscribe". Trouble? Contact 
>>> listmas...@lists.debian.org
>>> Archive: http://lists.debian.org/52bb4c0a.4080...@rezozer.net
>>>
> 
Best wishes,
Jerome

> 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52bb5820.4000...@rezozer.net

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Bastien ROUCARIES 
On Wed, Dec 25, 2013 at 10:41 PM, Bastien ROUCARIES
 wrote:
> On Wed, Dec 25, 2013 at 10:20 PM, Jerome BENOIT  wrote:
>> Hi,
>>
>> On 25/12/13 22:04, Dominik George wrote:
>>> Hi,
>>>
 is there a proper way to get rid of the recent
 privacy-breach-google-adsense Lintian violation/error report [1] ?
>>>
>>> obviously, remove all Adsense and related spyware fetching code from
>>> your package.
>>
>> Obviously, but the problem is that the involved html pages correspond to
>> the manual of my package so it sounds not reasonable to wipe them out:
>> is there any tools that may help to clean up the corrupted html pages ?
>
> For imagemagick I use this. Note that your html document should be
> valid before doing this.

Use it like this

override_dh_auto_install-indep:
# now apply privacy cleanning rules
find $(CURDIR)/debian/tmp-indep/usr/share/doc/imagemagick-doc \
 -maxdepth 2 -type f -and -name '*.html' -and -not -empty -print0 \
 | xargs -r -0 -n 1 debian/scripts/removeprivacybreach

>
>> Thanks in advance,
>> Jerome
>>
>>>
>>> Cheers,
>>> Nik
>>>
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
>> Archive: http://lists.debian.org/52bb4c0a.4080...@rezozer.net
>>


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAE2SPAYUccgf_=cr4pqtprbhmpfrfl1znnvkqo+vjwer+hj...@mail.gmail.com

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Bastien ROUCARIES 
On Wed, Dec 25, 2013 at 10:20 PM, Jerome BENOIT  wrote:
> Hi,
>
> On 25/12/13 22:04, Dominik George wrote:
>> Hi,
>>
>>> is there a proper way to get rid of the recent
>>> privacy-breach-google-adsense Lintian violation/error report [1] ?
>>
>> obviously, remove all Adsense and related spyware fetching code from
>> your package.
>
> Obviously, but the problem is that the involved html pages correspond to
> the manual of my package so it sounds not reasonable to wipe them out:
> is there any tools that may help to clean up the corrupted html pages ?

For imagemagick I use this. Note that your html document should be
valid before doing this.

> Thanks in advance,
> Jerome
>
>>
>> Cheers,
>> Nik
>>
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/52bb4c0a.4080...@rezozer.net
>


removeprivacybreach
Description: Binary data


removeprivacybreach.xslt
Description: application/xslt

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Bastien ROUCARIES 
On Wed, Dec 25, 2013 at 10:20 PM, Jerome BENOIT  wrote:
> Hi,
>
> On 25/12/13 22:04, Dominik George wrote:
>> Hi,
>>
>>> is there a proper way to get rid of the recent
>>> privacy-breach-google-adsense Lintian violation/error report [1] ?
>>
>> obviously, remove all Adsense and related spyware fetching code from
>> your package.
>
> Obviously, but the problem is that the involved html pages correspond to
> the manual of my package so it sounds not reasonable to wipe them out:
> is there any tools that may help to clean up the corrupted html pages ?
>
> Thanks in advance,
> Jerome

You could use xslt script. It is quite easy to do. See xsltproc man page.

Bastien

>>
>> Cheers,
>> Nik
>>
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/52bb4c0a.4080...@rezozer.net
>


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAE2SPAZTGi0xYO3a2t4QArW2PDoCAu6mV+ceeAFfuPD=v2e...@mail.gmail.com

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Dominik George 
Hi,

> Obviously, but the problem is that the involved html pages correspond to
> the manual of my package so it sounds not reasonable to wipe them out:
> is there any tools that may help to clean up the corrupted html pages ?

I assume there are Adsense images included from the HTML docs in your
package. So add a patch to your package (e.g. with quilt) and have it
remove the Adsense stuff at build time.

-nik

-- 
 Ein Jabber-Account, sie alle zu finden; ins Dunkel zu treiben
und ewig zu binden; im NaturalNet, wo die Schatten droh'n ;)!

PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296


signature.asc
Description: Digital signature

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Jerome BENOIT 
Hi,

On 25/12/13 22:04, Dominik George wrote:
> Hi,
> 
>> is there a proper way to get rid of the recent
>> privacy-breach-google-adsense Lintian violation/error report [1] ?
> 
> obviously, remove all Adsense and related spyware fetching code from
> your package.

Obviously, but the problem is that the involved html pages correspond to
the manual of my package so it sounds not reasonable to wipe them out:
is there any tools that may help to clean up the corrupted html pages ?

Thanks in advance,
Jerome 

> 
> Cheers,
> Nik
> 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52bb4c0a.4080...@rezozer.net

Re: privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Dominik George 
Hi,

> is there a proper way to get rid of the recent
> privacy-breach-google-adsense Lintian violation/error report [1] ?

obviously, remove all Adsense and related spyware fetching code from
your package.

Cheers,
Nik

-- 
* concerning Mozilla code leaking assertion failures to tty without D-BUS *
 That means, D-BUS is a tool that makes software look better
than it actually is.

PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296


signature.asc
Description: Digital signature

privacy-breach-google-adsense: how to get rid of it ?

2013-12-25 Thread Jerome BENOIT 
Hello List,

is there a proper way to get rid of the recent
privacy-breach-google-adsense Lintian violation/error report [1] ?

Thnaks inadvance,
Jerome

[1] http://lintian.debian.org/tags/privacy-breach-google-adsense.html


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52bb46be.2060...@rezozer.net