GNU bug report logs - #22972
insecure content on: https://gnu.org/software/guix/packages/


Package: guix;

Reported by: Jean Louis <guix <at> rcdrun.com>

Date: Thu, 10 Mar 2016 00:16:02 UTC

Severity: normal

Done: Andreas Enge <andreas.enge <at> inria.fr>

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#22972; Package guix. (Thu, 10 Mar 2016 00:16:02 GMT)

Acknowledgement sent to Jean Louis <guix <at> rcdrun.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Thu, 10 Mar 2016 00:16:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Jean Louis <guix <at> rcdrun.com>
To: bug-guix <at> gnu.org
Subject: insecure content on: https://gnu.org/software/guix/packages/
Date: Thu, 10 Mar 2016 01:10:30 +0100

The icecat is reporting insecure content on:
https://gnu.org/software/guix/packages/

and it shall be corrected, as package "Expand" is not visible.

Jean Louis




Information forwarded to bug-guix <at> gnu.org:
bug#22972; Package guix. (Fri, 25 Mar 2016 08:29:02 GMT)

Message #8 received at 22972 <at> debbugs.gnu.org:

From: ludo <at> gnu.org (Ludovic Courtès)
To: Jean Louis <guix <at> rcdrun.com>
Cc: 22972 <at> debbugs.gnu.org
Subject: Re: bug#22972: insecure content on:
 https://gnu.org/software/guix/packages/
Date: Fri, 25 Mar 2016 09:28:23 +0100

Jean Louis <guix <at> rcdrun.com> skribis:

> The icecat is reporting insecure content on:
> https://gnu.org/software/guix/packages/
>
> and it shall be corrected, as package "Expand" is not visible.

I believe this is no longer the case, or at least IceCat 38.6.0-gnu1
does not show any such problem here.

Could you confirm?

Thanks,
Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#22972; Package guix. (Fri, 25 Mar 2016 09:46:02 GMT)

Message #11 received at 22972 <at> debbugs.gnu.org:

From: Jean Louis <guix <at> rcdrun.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Jean Louis <guix <at> rcdrun.com>, 22972 <at> debbugs.gnu.org
Subject: Re: bug#22972: insecure content on:
 https://gnu.org/software/guix/packages/
Date: Fri, 25 Mar 2016 10:43:56 +0100

Hello,

The content is insecure as shown by Icecat. That happens because either
scripts are included (did not check it) which are with http:// or images
(I did check it).

When a website wants to provide a secure and a non-secure version, in that
case, one shall check all links to scripts and images, that they can be
accessed by secure browsing, and then instead of writing http://, one
can simply write // like <img src="//www.gnu.org/some-image.jpg">

Small remark to the page with packages: it is in a few lines,
which makes editing, even with Emacs, harder. There shall be new lines or
indenting after > or after each package. Otherwise it makes editing the
HTML very hard (I know there is source, but looking inside of HTML is
difficult).

The package descriptions shall not be opened by Javascript but in the
long run, each package shall get its own page, and of course there shall
be a search engine, just like with Debian. This all becomes totally easy
with guix being a Guile module, and exciting.

Louis

On Fri, Mar 25, 2016 at 09:28:23AM +0100, Ludovic Courtès wrote:
> Jean Louis <guix <at> rcdrun.com> skribis:
> 
> > The icecat is reporting insecure content on:
> > https://gnu.org/software/guix/packages/
> >
> > and it shall be corrected, as package "Expand" is not visible.
> 
> I believe this is no longer the case, or at least IceCat 38.6.0-gnu1
> does not show any such problem here.
> 
> Could you confirm?
> 
> Thanks,
> Ludo’.
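
The check described in the message above (go through every script and image reference and find the ones written with http://) can be automated. The following is an added example, not part of the original thread or of the Guix website code; the sample page and its host names are constructed placeholders.

```python
from html.parser import HTMLParser

# Elements whose URL attribute makes the browser fetch a subresource.
# "active" content can script or restyle the page; "passive" cannot.
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "object": ("data", "active"), "embed": ("src", "active"),
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheet links are treated here; other rel values
            # are out of scope for this example.
            if "stylesheet" in (attrs.get("rel") or "").lower().split():
                self._check(tag, attrs.get("href"), "active")
        elif tag in SUBRESOURCES:
            attr, kind = SUBRESOURCES[tag]
            self._check(tag, attrs.get(attr), kind)
        # <a href="http://..."> is navigation, not a subresource: ignored.

    def _check(self, tag, url, kind):
        url = (url or "").strip()
        # "//host/path" inherits the page's scheme; "https://" is secure.
        if url.lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, kind, url))

def find_mixed_content(html):
    """Return http:// subresources that an https:// page would load."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; host names are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/static/base.css">
<script src="http://cdn.example.org/expand.js"></script>
</head><body>
<a href="http://example.org/project">home page</a>
<img src="http://logos.example.org/foo.png">
<img src="//www.gnu.org/some-image.jpg">
<img src="https://www.gnu.org/other.png">
</body></html>"""
```

Rewriting a flagged URL to `//` or `https://` only helps when the remote host actually serves the resource over HTTPS, which is the "can be accessed by secure browsing" check from the message.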




Information forwarded to bug-guix <at> gnu.org:
bug#22972; Package guix. (Fri, 25 Mar 2016 12:36:01 GMT)

Message #14 received at 22972 <at> debbugs.gnu.org:

From: ludo <at> gnu.org (Ludovic Courtès)
To: Jean Louis <guix <at> rcdrun.com>
Cc: 22972 <at> debbugs.gnu.org
Subject: Re: bug#22972: insecure content on:
 https://gnu.org/software/guix/packages/
Date: Fri, 25 Mar 2016 13:35:17 +0100

Jean Louis <guix <at> rcdrun.com> skribis:

> The content is insecure as shown by Icecat.

IceCat doesn’t “show” me this.  What are you referring to?

> That happens because either scripts are included (did not check it)
> which are with http:// or images (I did check it).

Right, project logos come from different places, and not necessarily
https.  I understand that this can be a problem.  However, at least for
now, we don’t copy those logos to www.gnu.org, so it seems there’s not
much we can do.

> Small remark to the page with packages: it is in a few lines,
> which makes editing, even with Emacs, harder. There shall be new lines or
> indenting after > or after each package. Otherwise it makes editing the
> HTML very hard (I know there is source, but looking inside of HTML is
> difficult).

As you write, this is not meant to be edited, so…  :-)

> The package descriptions shall not be opened by Javascript but in the
> long run, each package shall get its own page, and of course there shall
> be a search engine, just like with Debian. This all becomes totally easy
> with guix being a Guile module, and exciting.

Yes, definitely.  Dave’s guix-web¹ does that and more.  I think we
should consider running it with actions disabled (i.e., no
installing/removing/upgrading), probably behind nginx to cache things a
bit.

Any takers?

Thanks,
Ludo’.

¹ https://git.dthompson.us/guix-web.git




Reply sent to Andreas Enge <andreas.enge <at> inria.fr>:
You have taken responsibility. (Mon, 05 Feb 2018 21:48:01 GMT)

Notification sent to Jean Louis <guix <at> rcdrun.com>:
bug acknowledged by developer. (Mon, 05 Feb 2018 21:48:02 GMT)

Message #19 received at 22972-done <at> debbugs.gnu.org:

From: Andreas Enge <andreas.enge <at> inria.fr>
To: 22972-done <at> debbugs.gnu.org
Subject: Re: insecure content on: https://gnu.org/software/guix/packages/
Date: Mon, 5 Feb 2018 22:46:58 +0100

The new page does not contain any logos, and Icecat does not show any
problem. Closing this bug.

Andreas





bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 06 Mar 2018 12:24:05 GMT)