
TimedMediaHandler - loading external JS file in (browser?) test of TMH triggers debian lintian warning
Closed, Declined · Public

Description

0. Context

DEB packages of mediawiki and many of its extensions are prepared as part of the WP-MIRROR project.
See https://www.mediawiki.org/wiki/Wp-mirror.

1. Lintian

During the build process, lintian performs a great number of sanity checks, including seeing if any files would fetch data from an external website at runtime.

When lintian sees such a file, lintian will throw warnings like:

E: wp-mirror-mediawiki-extensions: privacy-breach-may-use-debian-package usr/share/wp-mirror-mediawiki/extensions/TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_IncludeJQuery.html You may use libjs-jquery-ui package. (http://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js)
E: wp-mirror-mediawiki-extensions: privacy-breach-may-use-debian-package usr/share/wp-mirror-mediawiki/extensions/TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_Native_Bindings.html You may use libjs-jquery package. (http://code.jquery.com/jquery-1.4.3.min.js)

The full text of the warning is:

"This package creates a potential privacy breach by fetching data from an external website at runtime. Please remove these scripts or external HTML resources.
Instead you can use the Debian package indicated in the hint, if it is compatible.
Severity: important, Certainty: possible
Check: files, Type: binary, udeb"
See https://lintian.debian.org/tags/privacy-breach-may-use-debian-package.html.

2. Files which should not fetch from external websites at runtime

TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_IncludeJQuery.html
TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_Native_Bindings.html

3. Technical details

DEB standards version: 3.9.6
GIT branch: master

Details

Reference
bz71965
Related Gerrit Patches:
mediawiki/extensions/TimedMediaHandler : master : Fix debian lintian warning

Event Timeline

bzimport raised the priority of this task from to Low. Nov 22 2014, 3:48 AM
bzimport added a project: TimedMediaHandler.
bzimport set Reference to bz71965.
bzimport added a subscriber: Unknown Object (MLST).

It's from an automated test file. These files are never shown to the user. I would be inclined to call this a false positive.

wpmirrordev renamed this task from Loading external JS file in (browser?) test of TMH triggers debian lintian warning to TimedMediaHandler - loading external JS file in (browser?) test of TMH triggers debian lintian warning. Jun 27 2015, 4:23 AM
wpmirrordev updated the task description.
wpmirrordev set Security to None.
Restricted Application added a subscriber: Matanya. Jun 27 2015, 4:23 AM
Jdforrester-WMF moved this task from Untriaged to Backlog on the Multimedia board. Sep 4 2015, 6:08 PM
Restricted Application added a subscriber: Aklapper. Sep 4 2015, 6:08 PM

Change 256962 had a related patch set uploaded (by Paladox):
Fix debian lintian warning

https://gerrit.wikimedia.org/r/256962

Change 256962 abandoned by Hashar:
Fix debian lintian warning

Reason:
From the task, both HTML files are meant for dev testing and pointing to a CDN for jQuery is good enough.

The .deb package should just strip them out, eventually reusing the jQuery from mediawiki-core.

I am going to decline T73965 as well.

https://gerrit.wikimedia.org/r/256962

hashar closed this task as Declined. Dec 4 2015, 7:43 PM
hashar claimed this task.
hashar added a subscriber: hashar.

From the task, both HTML files are meant for dev testing and pointing to a CDN for jQuery is good enough.

The .deb package should just strip the HTML files out, eventually reusing the jQuery from mediawiki-core.
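
The kind of check the task describes, as an added example (not lintian's implementation and not code from the task or from TimedMediaHandler): it lists the HTML files in a package tree whose `script`, `img` or `iframe` elements load from a remote host, which are the files a packager would strip or patch before building the .deb. The names `scan_html`, `scan_tree` and `SAMPLE` are assumptions made for this example, and other elements such as stylesheet links are not covered.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements whose src attribute makes a browser fetch a resource on page load.
FETCHING_TAGS = {"script", "img", "iframe"}
# Constructed sample; the two script hosts are the ones in the lintian output above.
SAMPLE = """<script src="http://code.jquery.com/jquery-1.4.3.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js"></script>
<script src="../resources/local.js"></script>
<a href="http://example.org/">a plain link is not fetched</a>"""


class ExternalRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag not in FETCHING_TAGS:
            return
        url = (dict(attrs).get("src") or "").strip()
        parts = urlparse(url)
        # A network host with http(s) or no scheme (//host/...) is a remote fetch.
        if parts.netloc and parts.scheme in ("http", "https", ""):
            self.refs.append((tag, url))


def scan_html(text):
    finder = ExternalRefFinder()
    finder.feed(text)
    return finder.refs


def scan_tree(root):
    """Map each HTML file under root (relative path) to its external references."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".html", ".htm")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    refs = scan_html(fh.read())
                if refs:
                    findings[os.path.relpath(path, root)] = refs
    return findings


if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

Run against an unpacked package tree, `scan_tree` returns only the files that need attention, so files that reference local copies of jQuery pass silently.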