Acknowledgement sent
to Helmut Grohne <[email protected]>:
New Bug report received and forwarded. Copy sent to Debian Lintian Maintainers <[email protected]>.
(Wed, 22 Jan 2014 18:36:06 GMT) (full text, mbox, link).
Subject: lintian: do not warn about doxygen embedding jquery
Date: Wed, 22 Jan 2014 19:32:19 +0100
Package: lintian
Version: 2.5.2
Severity: normal
Dear Maintainers,
Please stop warning about jquery.js as embedded by Doxygen. I evaluated
all options at fixing this issue in Doxygen and conclude that a fix is
infeasible and its usefulness is limited. The issue and the problems
about fixing it are documented in /usr/share/doc/doxygen/README.jquery
(in the doxygen package >= jessie). Even if there were a security issue
in jquery, it will likely not affect any user via Doxygen.
For detection I suggest to look for doxygen.png and doxygen.css. If both
are present, the jquery warning should be suppressed.
Note that some maintainers have started replacing jquery.js in response
to the lintian tag. Unfortunately what is named jquery.js does not only
contain jquery. Thus some generated documentation is now broken. I would
like lintian to error out if jquery.js of Doxygen-generated
documentation is a symbolic link to the jquery package. Do you need a
separate bug number for this?
Thanks
Helmut
Subject: Re: Bug#736360: lintian: do not warn about doxygen embedding jquery
Date: Mon, 3 Feb 2014 12:39:10 +0100
* Helmut Grohne <[email protected]>, 2014-01-22, 19:32:
>Please stop warning about jquery.js as embedded by Doxygen. I evaluated
>all options at fixing this issue in Doxygen and conclude that a fix is
>infeasible and its usefulness is limited. The issue and the problems
>about fixing it are documented in /usr/share/doc/doxygen/README.jquery
>(in the doxygen package >= jessie). Even if there were a security issue
>in jquery, it will likely not affect any user via Doxygen.
Security is not the only issue here. jquery.js created by Doxygen is
minified, so there's a risk that we ship it without source.
--
Jakub Wilk
Acknowledgement sent
to Helmut Grohne <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Lintian Maintainers <[email protected]>.
(Mon, 03 Feb 2014 12:36:07 GMT) (full text, mbox, link).
Subject: Re: Bug#736360: lintian: do not warn about doxygen embedding jquery
Date: Mon, 3 Feb 2014 13:33:15 +0100
On Mon, Feb 03, 2014 at 12:39:10PM +0100, Jakub Wilk wrote:
> Security is not the only issue here. jquery.js created by Doxygen is
> minified, so there's a risk that we ship it without source.
Thanks for highlighting the issue. Fortunately we already have a tool to
work around this issue. It is called Built-Using. Last time I checked
whether (dh_)doxygen should be simplifying the process of adding the
Built-Using headers, I achieved no consensus on the value of such a
change and discussion on what Built-Using is supposed to mean was still
ongoing. If there is consensus now, we can use that tool to address this
particular issue.
Do you think that this would adequately address the availability of
source? Do you happen to have an alternative proposal in mind?
Helmut
Subject: Re: Bug#736360: lintian: do not warn about doxygen embedding jquery
Date: Sat, 8 Feb 2014 23:03:13 +0100
* Helmut Grohne <[email protected]>, 2014-02-03, 13:33:
>>Security is not the only issue here. jquery.js created by Doxygen is
>>minified, so there's a risk that we ship it without source.
>
>Thanks for highlighting the issue. Fortunately we already have a tool
>to work around this issue. It is called Built-Using. Last time I
>checked whether (dh_)doxygen should be simplifying the process of
>adding the Built-Using headers, I achieved no consensus on the value of
>such a change and discussion on what Built-Using is supposed to mean
>was still ongoing. If there is consensus now, we can use that tool to
>address this particular issue.
>
>Do you think that this would adequately address the availability of
>source?
Yes.
>Do you happen to have an alternative proposal in mind?
Well, the simpler alternative is to make doxygen use unminified JS.
--
Jakub Wilk
Acknowledgement sent
to Helmut Grohne <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Lintian Maintainers <[email protected]>.
(Sun, 09 Feb 2014 06:51:04 GMT) (full text, mbox, link).
Subject: Re: Bug#736360: lintian: do not warn about doxygen embedding jquery
Date: Sun, 9 Feb 2014 07:47:31 +0100
On Sat, Feb 08, 2014 at 11:03:13PM +0100, Jakub Wilk wrote:
> >Do you happen to have an alternative proposal in mind?
>
> Well, the simpler alternative is to make doxygen use unminified JS.
I am not yet entirely convinced about the "simpler" yet. Thanks for the
suggestion anyway.
Upstream goes to great lengths to make using unminified JS hard. There
is this jquery/split_jquery.pl script, that hacks jquery pieces of 1<<15
bytes. Of course the number of pieces is hard coded as 3 in various
places. Even in the best case the file ending up in generated
documentation as "jquery.js" is a compilation (concatenation) of various
libraries. So it might not count as source either. To actually ship
unminified JS, an alternative might be to replace the code that creates
jquery.js with a file copy operation and shipping the JS outside the
doxygen binary. There is a drafted patch for this variant at
http://bugs.debian.org/736432#5. In any case simple is not an attribute
of the process.
Helmut
Acknowledgement sent
to Chris Lamb <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Lintian Maintainers <[email protected]>.
(Sat, 28 Oct 2017 18:00:03 GMT) (full text, mbox, link).
Source: lintian
Source-Version: 2.5.57
We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated lintian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 29 Oct 2017 12:14:30 +0000
Source: lintian
Binary: lintian
Built-For-Profiles: nocheck
Architecture: source all
Version: 2.5.57
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Description:
lintian - Debian package checker
Closes: 718640736360878575879977
Changes:
lintian (2.5.57) unstable; urgency=medium
.
* Summary of tag changes:
+ Added:
- debian-rules-should-not-set-CFLAGS-from-noopt
.
* checks/control-file.pm:
+ [CL] Avoid false positives in debian-control-has-empty-field when the
field is wrapped onto a new line. Thanks to Mattia Rizzolo for the
report. (Closes: #879977)
* checks/cruft.desc:
+ [CL] Add example on how to remove trailing whitespace with sed.
+ [CL] Drop README.source from files to check against the
file-contains-trailing-whitespace tag as it can include quotes
from upstream that would be ideally left intact.
* checks/debhelper.pm:
+ [NT] Remove code handling named compat levels.
* checks/files.desc:
+ [CL] Ignore embedded jQuery libraries for Doxygen. (Closes: #736360)
* checks/rules.desc:
+ [CL] Warn if packages set CFLAGS if the value of DEB_BUILD_OPTIONS
contains noopt. (Closes: #718640)
.
* commands/lintian.pm:
+ [NT] Have lintian resignal between various stages of the
processing. Previously, ill-timed signals would be caught and
"semi-ignored" with lintian happily continuing to process the
next package. (Closes: #878575)
.
* data/debhelper/named-compat-levels:
+ [NT] Removed; no longer used.
Checksums-Sha1:
dec4d05fc0c0b7359140b2edd8d72768fcc117ea 2898 lintian_2.5.57.dsc
6b55830b4ecd83b03912985f75132617e7b1061c 1245140 lintian_2.5.57.tar.xz
8854f386d22b6e0ea79883215ae262ab74df404c 1069580 lintian_2.5.57_all.deb
4bd0eb98393f93eac4c7dc0e99463052082ad3dc 16245 lintian_2.5.57_amd64.buildinfo
Checksums-Sha256:
d17230b1a6f435cd4eba334670935002402fb1ed08fbc5ba70264283ca412389 2898 lintian_2.5.57.dsc
ce8438ef27ed367aba6ca5640d6a6f089ff18458516eddfd896bdd687618218f 1245140 lintian_2.5.57.tar.xz
1bcfe780a2fefb0afee119979ca7abeff994a508ec2059823421c29b6d93c29f 1069580 lintian_2.5.57_all.deb
5575e3da81ffa901c7ef903c53d2f8a948ee981b008c442a4b4ed2ecb7400780 16245 lintian_2.5.57_amd64.buildinfo
Files:
dd499cf365a9413fd0a0dece659ba43a 2898 devel optional lintian_2.5.57.dsc
14430f8591d3bf830ce8341f79c779e3 1245140 devel optional lintian_2.5.57.tar.xz
868e639a242538df703f1a6abbe7d83b 1069580 devel optional lintian_2.5.57_all.deb
4239d7daf54403481000c85000e6699d 16245 devel optional lintian_2.5.57_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAln1xpIACgkQHpU+J9Qx
Hlg9Vw//a+Q3iArQT6Wu1NFlAhsBXUF+tKZvea4aOCaMEhmsVnmfgDRQLN1+mX8R
WcLXo9C+IvKPNr481/R2kWf3CYXwNTJxxiL6m2eHWlQQcpMBTjp7XVf6DCDwdR8c
Ka2KiTOH8FGA8K+gqEDGzPLDtuaWQvNufdj/EN2HxVWo6N1Kobe10s/tO2sdDowf
sWNAuFEYU6nxFJEN6biaGix2BPoWsMv/il0+EtUrkKUeVxNFGI6Qe5AxqpXYeZjM
XNwPpBxLPvmflA9DkjCeUr1KkXh9trV5fvSftT5ylv7l2/3Iay6DNq8QloWNXXoz
ZeMebyNO9RzFTnaTA/7MrqxLTpq/gUZZpia8r5ircobZc+dXrVJJj7ohMWbBUrE9
jCoC666GKSUd8a0zRMfTZuy/dVu12hYUTKXSBKY/Xj+i1z4NELURHiTyMjTC0LPb
o4XQnRiSVMtv6SD+w8tnIeFLlduz9Fc58S43iFwB2qRG2FO90SnYRWRyNYppa9C9
KWNOuvkr3c5rTFpZHnzX0lLqeeF5c+LJjF10CrO4lkwglaxs4snFNyK7RsZB1LyN
QwDVEcf9uciLCqBMC4NKa5JpK0gddQXsL9528xNEPkWgAHR7LUTw1YQZCcYmzelK
JasNrc2PlK7VKme6ld8mG5mdYA6MhF4zPK+pSKQV4rSCEcW7HxI=
=QFoL
-----END PGP SIGNATURE-----
Acknowledgement sent
to Yves-Alexis Perez <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Lintian Maintainers <[email protected]>.
(Wed, 29 Nov 2017 13:54:05 GMT) (full text, mbox, link).
On Wed, 22 Jan 2014 19:32:19 +0100 Helmut Grohne <[email protected]> wrote:
> Package: lintian
> Version: 2.5.2
> Severity: normal
>
> Dear Maintainers,
>
> Please stop warning about jquery.js as embedded by Doxygen. I evaluated
> all options at fixing this issue in Doxygen and conclude that a fix is
> infeasible and its usefulness is limited. The issue and the problems
> about fixing it are documented in /usr/share/doc/doxygen/README.jquery
> (in the doxygen package >= jessie). Even if there were a security issue
> in jquery, it will likely not affect any user via Doxygen.
>
> For detection I suggest to look for doxygen.png and doxygen.css. If both
> are present, the jquery warning should be suppressed.
Hi,
it seems that this correctly fixed for library embedding, but not for source-
missing:
E: libimobiledevice source: source-is-missing docs/html/jquery.js line length
is 32402 characters (>512)
I think the same exception should be done for this tag.
Regards,
--
Yves-Alexis
Acknowledgement sent
to Chris Lamb <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Lintian Maintainers <[email protected]>.
(Wed, 29 Nov 2017 14:00:03 GMT) (full text, mbox, link).
Subject: Re: Bug#736360: lintian: do not warn about doxygen embedding jquery
Date: Wed, 29 Nov 2017 22:57:39 +0900
found 736360 2.5.60
thanks
Hi,
> it seems that this correctly fixed for library embedding, but not for source-
> missing:
>
> E: libimobiledevice source: source-is-missing docs/html/jquery.js line length
> is 32402 characters (>512)
Re-opening to track this properly.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
Changed Bug title to 'lintian: do not emit source-is-missing for doxygen embedding jquery' from 'lintian: do not warn about doxygen embedding jquery'.
Request was from Chris Lamb <[email protected]>
to [email protected].
(Fri, 28 Dec 2018 17:33:05 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.