Last modified: 2014-10-12 18:50:21 UTC
Dear Sir or Madam,

0) Context

DEB packages of `mediawiki' and many of its extensions are prepared as part of the WP-MIRROR project (see <https://www.mediawiki.org/wiki/Wp-mirror>).

1) Lintian

During the build process, `lintian' performs a great number of sanity checks, including seeing if any files would fetch data from an external website at runtime. When `lintian' sees such a file, `lintian' will throw warnings like:

    E: wp-mirror-mediawiki-extensions: privacy-breach-may-use-debian-package usr/share/wp-mirror-mediawiki/extensions/TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_IncludeJQuery.html You may use libjs-jquery-ui package. (http://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js)
    E: wp-mirror-mediawiki-extensions: privacy-breach-may-use-debian-package usr/share/wp-mirror-mediawiki/extensions/TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_Native_Bindings.html You may use libjs-jquery package. (http://code.jquery.com/jquery-1.4.3.min.js)

The full text of the warning is:

``This package creates a potential privacy breach by fetching data from an external website at runtime. Please remove these scripts or external HTML resources.

Instead you can use the Debian package indicated in the hint, if it is compatible.

Severity: important, Certainty: possible
Check: files, Type: binary, udeb''

(see <https://lintian.debian.org/tags/privacy-breach-may-use-debian-package.html>)

2) Files which should not fetch from external websites at runtime

TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_IncludeJQuery.html (fetches <http://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js>)

TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_Native_Bindings.html (fetches <http://code.jquery.com/jquery-1.4.3.min.js>)

Suggestion: the files `jquery-ui.min.js' and `jquery-1.4.3.min.js' can be included in the GIT repository.

3) Technical details

DEB standards version: 3.9.6
GIT branch: wmf/1.24wmf22

Sincerely Yours,
Kent
It's from an automated test file. These files are never shown to the user. I would be inclined to call this a false positive.
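The kind of check the report describes, finding HTML files that would load resources from another host at runtime, can be approximated with a short scanner. This is an added example, not lintian's implementation and not part of the original thread; the tag/attribute table, the `rel` filter, the substring-based package hints and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose URL attribute is fetched by the browser when the page loads.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "embed": "src", "link": "href", "object": "data"}
# <link> fetches only for these rel values (rel="canonical" does not).
FETCHING_RELS = {"stylesheet", "icon", "preload"}
# Assumed hints for the two libraries named in the report; order matters.
DEBIAN_HINTS = [("jquery-ui", "libjs-jquery-ui"), ("jquery", "libjs-jquery")]

# Constructed sample input that reuses the two URLs from the report.
SAMPLE = """<html><head>
<script src="http://code.jquery.com/jquery-1.4.3.min.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js"></script>
<script src="../../resources/local.js"></script>
<link rel="stylesheet" href="//cdn.example.org/skin.css">
<link rel="canonical" href="http://example.org/page">
</head><body><a href="http://example.org/">not fetched on load</a></body></html>"""

class ExternalFetchFinder(HTMLParser):
    """Collect (tag, url, hint) for resources loaded from another host."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return
        url = (attrs.get(attr) or "").strip()
        # A network location means another host; "//host/x" counts too.
        parsed = urlparse(url)
        if not parsed.netloc:
            return
        path = parsed.path.lower()
        hint = next((p for n, p in DEBIAN_HINTS if n in path), None)
        self.findings.append((tag, url, hint))

def find_external_fetches(html_text):
    finder = ExternalFetchFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings
```

Relative paths, plain hyperlinks and non-fetching `<link>` relations are ignored, so only resources a browser would request from another host when opening the file are reported.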