Last modified: 2014-10-12 18:50:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T73965, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 71965 - Loading external JS file in (browser?) test of TMH triggers debian lintian warning
Status: UNCONFIRMED
Product: MediaWiki extensions
Classification: Unclassified
Component: TimedMediaHandler
Version: master
Hardware: All Linux
Importance: Low major
Target Milestone: ---
Assigned To: Nobody - You can work on this!
Reported: 2014-10-11 21:29 UTC by wp mirror
Modified: 2014-10-12 18:50 UTC (History)

Description wp mirror 2014-10-11 21:29:20 UTC
Dear Sir or Madam,

0) Context

DEB packages of `mediawiki' and many of its extensions are prepared as part of the WP-MIRROR project (see <https://www.mediawiki.org/wiki/Wp-mirror>).

1) Lintian

During the build process, `lintian' performs a great number of sanity checks, including seeing if any files would fetch data from an external website at runtime.

When `lintian' sees such a file, `lintian' will throw warnings like:

E: wp-mirror-mediawiki-extensions: privacy-breach-may-use-debian-package usr/share/wp-mirror-mediawiki/extensions/TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_IncludeJQuery.html You may use libjs-jquery-ui package. (http://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js)
E: wp-mirror-mediawiki-extensions: privacy-breach-may-use-debian-package usr/share/wp-mirror-mediawiki/extensions/TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_Native_Bindings.html You may use libjs-jquery package. (http://code.jquery.com/jquery-1.4.3.min.js)

The full text of the warning is:

``This package creates a potential privacy breach by fetching data from an external website at runtime. Please remove these scripts or external HTML resources.
Instead you can use the Debian package indicated in the hint, if it is compatible.
Severity: important, Certainty: possible
Check: files, Type: binary, udeb''

(see <https://lintian.debian.org/tags/privacy-breach-may-use-debian-package.html>)

2) Files which should not fetch from external websites at runtime

TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_IncludeJQuery.html
(fetches <http://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js>)
TimedMediaHandler/MwEmbedModules/EmbedPlayer/tests/Player_Native_Bindings.html
(fetches <http://code.jquery.com/jquery-1.4.3.min.js>)

Suggestion: the files `jquery-ui.min.js' and `jquery-1.4.3.min.js' can be included in the GIT repository.

3) Technical details

DEB standards version: 3.9.6
GIT branch: wmf/1.24wmf22

Sincerely Yours,
Kent
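
Added example (not part of the original report, and not lintian's own code): a simplified approximation of the check described in section 1, which lists the external resources an HTML file would fetch at load time and attaches the package hints quoted in the two lintian messages. The function and class names are hypothetical, and the sample page with its example.org URLs is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute whose URL a browser fetches when the page loads.
FETCHING = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# Package hints copied from the two lintian messages in the report.
PACKAGE_HINTS = {"jquery-ui": "libjs-jquery-ui", "jquery": "libjs-jquery"}

# Constructed sample page; the two jQuery URLs are the ones lintian flagged.
SAMPLE = """<html><head>
<script src="http://code.jquery.com/jquery-1.4.3.min.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js"></script>
<script src="../resources/local.js"></script>
<link rel="stylesheet" href="//cdn.example.org/player.css">
<link rel="canonical" href="http://www.example.org/page">
</head><body><a href="http://www.example.org/">plain link</a></body></html>"""


def suggest_package(path):
    filename = path.rsplit("/", 1)[-1].lower()
    # PACKAGE_HINTS lists jquery-ui before jquery, so the longer prefix wins.
    return next((p for k, p in PACKAGE_HINTS.items() if filename.startswith(k)), None)


class ExternalFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, suggested package or None)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = (attrs.get(FETCHING.get(tag, "")) or "").strip()
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # e.g. rel="canonical" is metadata; nothing is downloaded
        # Protocol-relative URLs (//host/path) leave the machine as well.
        parsed = urlparse("http:" + url if url.startswith("//") else url)
        if parsed.scheme in ("http", "https") and parsed.hostname:
            self.findings.append((tag, url, suggest_package(parsed.path)))


def find_external_fetches(html_text):
    finder = ExternalFetchFinder()
    finder.feed(html_text)
    return finder.findings


if __name__ == "__main__":
    for tag, url, hint in find_external_fetches(SAMPLE):
        print(f"<{tag}> fetches {url}" + (f" (may use {hint})" if hint else ""))
```

Relative references such as `../resources/local.js` are not reported, which is the state the suggestion in section 2 would produce once the two libraries are shipped in the repository.
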
Comment 1 Bawolff (Brian Wolff) 2014-10-11 21:39:26 UTC
It's from an automated test file. These files are never shown to the user. I would be inclined to call this a false positive.
