Review of new lintian tag

To: debian-l10n-english@lists.debian.org, nthykier@debian.org
Subject: Review of new lintian tag
From: bastien ROUCARIES <roucaries.bastien@gmail.com>
Date: Sun, 23 Mar 2014 13:35:26 +0000
Message-id: <[🔎] 1834904.4viM0i1J90@bastien-debian>
Could you please review the following text for lintian tags.

Sorry for the format, it is easier to generate as patch file.

---
 
+Tag: license-problem-non-free-RFC-BCP78
+Severity: serious
+Certainty: possible
+Info: The given source file is licensed under the newer RFC
+ license (BCP78).
+ .
+ The majority of IETF documents, such as RFCs, are not licensed
+ under DFSG-free terms, and should thus not be included in Debian main.
+ .
+ If this file is multi-licensed, please override the tag.
+ .
+ If this is a false-positive, please report a bug against Lintian.
+Ref: https://wiki.debian.org/NonFreeIETFDocuments


 
+Tag: license-problem-gfdl-non-official-text
+Severity: pedantic
+Certainty: possible
+Info: The given source file is licensed under GFDL, but using a non
+ official text for the no invariant part.
+ .
+ Please ask upstream to always use (case insensitive):
+ with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

+
+Tag: source-is-missing
+Severity: serious
+Certainty: possible
+Info: The source of the following file is missing. Lintian checked a few
+ possible path to found the source, and do not find it.
+ .
+ Please repack your package to include the source or add it to
+ debian/missing-sources dir.
+ .
+ If this is a false-positive, please report a bug against Lintian.


 Info: This package creates a potential privacy breach by fetching data
  from an external website at runtime. Please remove these scripts or
  external HTML resources.
+ .
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
 
 Tag: privacy-breach-google-adsense
 Severity: serious
@@ -950,6 +957,13 @@ Info: This package creates a privacy breach by using Google AdSense.
  Note that using Google AdSense in a local copy of a page is a violation of
  the Google AdSense terms of use. This violation renders this package not
  distributable in Debian, and is thus a serious bug.
+ .
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
 
 Tag: privacy-breach-donation
 Severity: serious
@@ -959,7 +973,14 @@ Info: This package create a potential privacy breach by fetching data
  from a donation website at runtime.
  .
  Please remove this privacy problem and add a note to the
- debian/upstream file using the donation field.
+ debian/upstream/metadata file using the donation field.
+ .
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
 
 Tag: privacy-breach-logo
 Severity: serious
@@ -969,6 +990,13 @@ Info: This package creates a potential privacy breach by fetching a
  .
  Before using a local copy you should check that the logo is suitable
  for main. Ask debian-legal for advice.
+ .
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
 
 Tag: privacy-breach-facebook
 Severity: serious
@@ -976,7 +1004,26 @@ Certainty: possible
 Info:  This package creates a privacy breach by exchanging data with
  Facebook at runtime via plugins such as "Share" or "Like" buttons.
  .
- Please remove these scripts or frames.
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
+
+Tag: privacy-breach-google-plus
+Severity: serious
+Certainty: possible
+Info: This package creates a potential privacy breach by 
+ exchanging data with google+ at runtime via plugins such
+ as "+1" buttons.
+ .
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
 
 Tag: privacy-breach-google-cse
 Severity: serious
@@ -985,26 +1032,52 @@ Info: This package creates a potential privacy breach by fetching
  data from Google at runtime, and may feed private data to Google via
  Custom Search Engine queries.
  .
- Please remove these scripts.
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
+
+Tag: privacy-breach-twitter
+Severity: serious
+Certainty: possible
+Info: This package creates a potential privacy breach by
+ exchanging data with twitter at runtime via plugins.
+ .
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
 
 Tag: privacy-breach-piwik
 Severity: serious
 Certainty: possible
-Info: This package creates a privacy breach by using Piwik.
+Info: This package creates a privacy breach by using an online 
+ Piwik module.
+ .
  Piwik is a free and open source web analytics application, designed to
  allow publishers of websites to track visitors.
  .
  Even though Piwik is free and respects the "Do Not Track" browser
- option, it is nevertheless a breach of the privacy of web users.
+ option, it is nevertheless a breach of the privacy of web users,
+ by fetching data from internet.
+ .
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
 
 Tag: privacy-breach-statistics-website
-Severity: important
+Severity: serious
 Certainty: possible
 Info: This package creates a privacy breach by fetching data from
  an external website in order to compile visitor statistics.
  .
- Please remove these scripts.
- .
  Please ask upstream to use the free software web analytics engine
  Piwik, which respects the "Do Not Track" browser option.
  .
@@ -1012,9 +1085,17 @@ Info: This package creates a privacy breach by fetching data from
  * cruel-carlota.pagodabox.com
  * linkexchange.com (defunct)
  * nedstatbasic.net
+ * onestat.com
  * statcounter.com
  * sitemeter.com
  * webstats.motigo.com
+ .
+ Please replace any scripts, images or other remote resources with
+ non-remote resources. It is preferrable to replace them with text and
+ links but local copies of the remote resources are also acceptable as
+ long as they don't also make calls to remote services. Please ensure
+ that the remote resources are suitable for Debian main before making
+ local copies of them.
 
 Tag: privacy-breach-w3c-valid-html
 Severity: serious
@@ -1025,12 +1106,12 @@ Info: This package creates a potential privacy breach by fetching W3C
  validation icons.
  .
  These badges may be displayed to tell readers that care has been
- taken to make a page compliant with W3C standards. Unfortunately,
+ taken to make a page compliant with W3C standards.  Unfortunately,
  downloading the image from www.w3.org might expose the reader's IP
  address to potential tracking.
  .
  Note that these icons are non-free and must not be copied into the
- package. You could safely delete this W3C validation badge.
+ package.  You could safely delete this W3C validation badge.
Reply to:
Follow-Ups:
- Re: Review of new lintian tag
  - From: Justin B Rye <justin.byam.rye@gmail.com>
Prev by Date: [LCFC] templates://wims-moodle/{templates}
Next by Date: Re: Review of new lintian tag
Previous by thread: Re: Review for "PermitRootLogin without-password" change
Next by thread: Re: Review of new lintian tag
Index(es):
- Date
- Thread