insecure content on: https://gnu.org/software/guix/packages/

  • Done
Details
3 participants
  • Andreas Enge
  • Jean Louis
  • Ludovic Courtès
Owner
unassigned
Submitted by
Jean Louis
Severity
normal

Jean Louis wrote 9 years ago
(address . bug-guix@gnu.org)
20160310001030.GA24372@protected.rcdrun.com
The icecat is reporting insecure content on:
https://gnu.org/software/guix/packages/

and it shall be corrected, as package "Expand" is not visible.

Jean Louis
Ludovic Courtès wrote 9 years ago
(name . Jean Louis)(address . guix@rcdrun.com)(address . 22972@debbugs.gnu.org)
87zitnt108.fsf@gnu.org
Jean Louis <guix@rcdrun.com> skribis:

> The icecat is reporting insecure content on:
> https://gnu.org/software/guix/packages/
>
> and it shall be corrected, as package "Expand" is not visible.

I believe this is no longer the case, or at least IceCat 38.6.0-gnu1
does not show any such problem here.

Could you confirm?

Thanks,
Ludo’.
Jean Louis wrote 9 years ago
(name . Ludovic Courtès)(address . ludo@gnu.org)(name . Jean Louis)(address . guix@rcdrun.com)(address . 22972@debbugs.gnu.org)
20160325094356.GK5051@protected.rcdrun.com
Hello,

The content is insecure as shown by Icecat. That happens because either
scripts are included (did not check it) which are with http:// or images
(I did check it).

When website wants to provide secure and non-secure version, in that
case, one shall check all links to scripts and images, that they can be
accessed by secure browsing, and then instead of writing http://, one
can simply write // like <img src="//www.gnu.org/some-image.jpg">

Small remark to the page with packages: it is in few lines,
which makes editing, even with Emacs harder. There shall be new lines or
indenting after > or after each package. Otherwise it makes editing the
HTML very hard (I know there is source, but looking inside of HTML is
difficult).

The package descriptions shall not be opened by Javascript but on the
long run, each package shall get its own page, and of course there shall
be search engine, just like with Debian. This all becomes totally easy
with guix being Guile module, and exciting.

Louis

On Fri, Mar 25, 2016 at 09:28:23AM +0100, Ludovic Courtès wrote:
> Jean Louis <guix@rcdrun.com> skribis:
>
> > The icecat is reporting insecure content on:
> > https://gnu.org/software/guix/packages/
> >
> > and it shall be corrected, as package "Expand" is not visible.
>
> I believe this is no longer the case, or at least IceCat 38.6.0-gnu1
> does not show any such problem here.
>
> Could you confirm?
>
> Thanks,
> Ludo’.
Ludovic Courtès wrote 9 years ago
(name . Jean Louis)(address . guix@rcdrun.com)(address . 22972@debbugs.gnu.org)
87k2kqpwfu.fsf@gnu.org
Jean Louis <guix@rcdrun.com> skribis:

> The content is insecure as shown by Icecat.

IceCat doesn’t “show” me this. What are you referring to?

> That happens because either scripts are included (did not check it)
> which are with http:// or images (I did check it).

Right, project logos come from different places, and not necessarily
https. I understand that this can be a problem. However, at least for
now, we don’t copy those logos to www.gnu.org, so it seems there’s not
much we can do.

> Small remark to the page with packages: it is in few lines,
> which makes editing, even with Emacs harder. There shall be new lines or
> indenting after > or after each package. Otherwise it makes editing the
> HTML very hard (I know there is source, but looking inside of HTML is
> difficult).

As you write, this is not meant to be edited, so… :-)

> The package descriptions shall not be opened by Javascript but on the
> long run, each package shall get its own page, and of course there shall
> be search engine, just like with Debian. This all becomes totally easy
> with guix being Guile module, and exciting.

Yes, definitely. Dave’s guix-web¹ does that and more. I think we
should consider running it with actions disabled (i.e., no
installing/removing/upgrading), probably behind nginx to cache things a
bit.

Any takers?

Thanks,
Ludo’.

Andreas Enge wrote 7 years ago
Re: insecure content on: https://gnu.org/software/guix/packages/
(address . 22972-done@debbugs.gnu.org)
20180205214658.GA28828@jurong
The new page does not contain any logos, and Icecat does not show any
problem. Closing this bug.

Andreas
Closed
This issue is archived.
