Re: [RFR] templates://gitalist/{gitalist-common.templates}

[Justin B Rye <jbr@edlug.org.uk>]

Jonas Genannt wrote:
> "Gravatar" is an web 2.0 service. You can store your avatars for your
> email addresses on Gravatar. And many services like Redmine supports
> this.
> 
> Look here: http://projects.puppetlabs.com/users/799
> 
> My avatar is fetched from gravatar.com.
> 
> I had spoke with upstream of gitalist to disabled that feature by
> request, because the browser will send the referrer to gravatar - so
> Gravatar knows your repository names and directory/filenames in your
> repro. Not very good if you use gitalist for your company code.

So maybe the template should say:

_Description: Enable Gravatar support?
 Gravatar is a web service associating user email addresses with
 "avatars". However, it can leak information about repositories,
 directories, and files via browser referrals to Gravatar, so support
 for it in gitalist is disabled by default.

-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

Source: gitalist
Section: perl
Priority: optional
Build-Depends: debhelper (>= 8)
Build-Depends-Indep: perl (>= 5.10),
 git,
 libjs-jquery,
 libaliased-perl,
 libcatalyst-action-rest-perl,
 libcatalyst-controller-actionrole-perl,
 libcatalyst-modules-perl (>= 0.15),
 libcatalyst-perl (>= 5.80014),
 libcatalyst-plugin-unicode-encoding-perl,
 libcatalyst-view-component-subinclude-perl (>= 0.07),
 libcatalyst-view-tt-perl (>= 0.34),
 libconfig-general-perl,
 libdatetime-perl,
 libfile-copy-recursive-perl,
 libfile-type-perl,
 libfile-type-webimages-perl,
 libfile-which-perl,
 libgit-pure-perl (>= 0.47),
 libhtml-parser-perl,
 libipc-run-perl,
 libjson-perl,
 libjson-xs-perl,
 liblist-moreutils-perl,
 libmoose-perl,
 libmoose-autobox-perl,
 libmoosex-declare-perl (>= 0.32),
 libmoosex-storage-perl,
 libmoosex-types-common-perl,
 libmoosex-types-iso8601-perl,
 libmoosex-types-path-class-perl,
 libmoosex-types-perl,
 libnamespace-autoclean-perl,
 libpath-class-perl (>= 0.17),
 libsyntax-highlight-engine-kate-perl,
 libtemplate-perl (>= 2.22),
 libtemplate-plugin-cycle-perl,
 libtemplate-plugin-utf8decode-perl,
 libtest-utf8-perl,
 libtest-deep-perl,
 libtest-www-mechanize-catalyst-perl,
 libwww-mechanize-treebuilder-perl,
 libtry-tiny-perl,
 perl (>= 5.10.1) | libtest-simple-perl (>= 0.88)
Maintainer: Jonas Genannt <jonas.genannt@capi2name.de>
Uploaders: Jonathan Yu <jawnsy@cpan.org>
Standards-Version: 3.9.2
Homepage: http://search.cpan.org/dist/Gitalist/

Package: gitalist-common
Architecture: all
Depends: ${misc:Depends}, ${perl:Depends},
 git,
 libjs-jquery,
 libaliased-perl,
 libcatalyst-perl (>= 5.80014),
 libcatalyst-action-rest-perl,
 libcatalyst-controller-actionrole-perl,
 libcatalyst-modules-perl (>= 0.15),
 libcatalyst-plugin-unicode-encoding-perl,
 libcatalyst-view-component-subinclude-perl (>= 0.07),
 libcatalyst-view-tt-perl (>= 0.34),
 libconfig-general-perl,
 libdatetime-perl,
 libfile-copy-recursive-perl,
 libfile-type-perl,
 libfile-type-webimages-perl,
 libfile-which-perl,
 libgit-pure-perl (>= 0.47),
 libhtml-parser-perl,
 libipc-run-perl,
 libjson-perl,
 libjson-xs-perl,
 liblist-moreutils-perl,
 libmoose-autobox-perl,
 libmoose-perl,
 libmoosex-declare-perl (>= 0.32),
 libmoosex-storage-perl,
 libmoosex-types-common-perl,
 libmoosex-types-iso8601-perl,
 libmoosex-types-path-class-perl,
 libmoosex-types-perl,
 libnamespace-autoclean-perl,
 libpath-class-perl (>= 0.17),
 libsyntax-highlight-engine-kate-perl,
 libtemplate-perl (>= 2.22),
 libtemplate-plugin-utf8decode-perl,
 libtemplate-plugin-cycle-perl,
 libtry-tiny-perl
Description: modern Git web viewer
 Gitalist is a web frontend for Git repositories based on code from gitweb.cgi
 and powered by Catalyst (see the libcatalyst-perl package). It extends
 gitweb.cgi with many advanced features, including:
 .
  * Multiple repository support
  * Multiple branch support
  * Commit comparisons
  * Atom feeds
  * Color coded commit history

Package: gitalist-fastcgi
Architecture: all
Depends: ${misc:Depends}, ${perl:Depends}, gitalist-common (= ${binary:Version}), libfcgi-perl, libapache2-mod-fcgid | httpd
Description: FastCGI support for gitalist
 Gitalist is a web frontend for Git repositories based on code from gitweb.cgi
 and powered by Catalyst.
 .
 This package contains all necessary files for running gitalist
 as a FastCGI module within a webserver like Apache.

Template: gitalist/directory
Type: string
Default: /srv/git
_Description: Path to Git repositories:
 Please specify the path from which gitalist should serve Git repositories.
 .
 These should be "bare" repositories.

Template: gitalist/gravatar
Type: boolean
Default: false
_Description: Enable Gravatar support?
 Gravatar is a web service associating user email addresses with
 "avatars". However, it can leak information about repositories,
 directories, and files via browser referrals to Gravatar, so support
 for it in gitalist is disabled by default.

diff -ur old/control new/control
--- old/control	2011-07-28 09:12:50.373960769 +0100
+++ new/control	2011-08-02 12:48:05.173960759 +0100
@@ -92,8 +92,8 @@
  libtry-tiny-perl
 Description: modern Git web viewer
  Gitalist is a web frontend for Git repositories based on code from gitweb.cgi
- and powered by Catalyst (see the libcatalyst-perl package). It extends gitweb
- with many advanced features, including:
+ and powered by Catalyst (see the libcatalyst-perl package). It extends
+ gitweb.cgi with many advanced features, including:
  .
   * Multiple repository support
   * Multiple branch support
@@ -104,6 +104,9 @@
 Package: gitalist-fastcgi
 Architecture: all
 Depends: ${misc:Depends}, ${perl:Depends}, gitalist-common (= ${binary:Version}), libfcgi-perl, libapache2-mod-fcgid | httpd
-Description: FastCGI / fcgi support for gitalist
+Description: FastCGI support for gitalist
+ Gitalist is a web frontend for Git repositories based on code from gitweb.cgi
+ and powered by Catalyst.
+ .
  This package contains all necessary files for running gitalist
- as FastCGI module within an webserver like Apache.
+ as a FastCGI module within a webserver like Apache.
diff -ur old/gitalist-common.templates new/gitalist-common.templates
--- old/gitalist-common.templates	2011-07-28 09:12:47.181960015 +0100
+++ new/gitalist-common.templates	2011-08-03 10:25:07.713960567 +0100
@@ -1,18 +1,16 @@
 Template: gitalist/directory
 Type: string
 Default: /srv/git
-_Description: Directory where git repositories are stored:
- Please specify the directory where gitalist will serve the git
- repositories.
+_Description: Path to Git repositories:
+ Please specify the path from which gitalist should serve Git repositories.
  .
- These git repositories have to be bare repositories.
+ These should be "bare" repositories.
 
 Template: gitalist/gravatar
 Type: boolean
 Default: false
-_Description: Should gravatar support in gitalist enabled?
- Gravatar support in gitalist is disabled by default.
- .
- Warning: enabled gravatar support will leak your git
- repositories, directries and filenames in your git repro
- via browser referrer to gravatar.
+_Description: Enable Gravatar support?
+ Gravatar is a web service associating user email addresses with
+ "avatars". However, it can leak information about repositories,
+ directories, and files via browser referrals to Gravatar, so support
+ for it in gitalist is disabled by default.