Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx

To: calculus@rezozer.net
Cc: 838870@bugs.debian.org
Subject: Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx
From: Frederic Bonnard <frediz@linux.vnet.ibm.com>
Date: Fri, 7 Oct 2016 16:44:29 +0200
Message-id: <[🔎] 20161007164429.GC15178@kin.test.toulouse-stg.fr.ibm.com>
Reply-to: Frederic Bonnard <frediz@linux.vnet.ibm.com>, 838870@bugs.debian.org
In-reply-to: <[🔎] f39f8f1c-bfe9-98d4-7242-21e6b0a3f29b@rezozer.net>
References: <20160925214029.20142.53243.reportbug@nen.dnsalias.org> <[🔎] 20161003155543.GO11135@kin.test.toulouse-stg.fr.ibm.com> <[🔎] 672d5bdd-0c69-c5eb-e373-24ee55509b86@rezozer.net> <[🔎] 20161005142602.GT11135@kin.test.toulouse-stg.fr.ibm.com> <[🔎] f39f8f1c-bfe9-98d4-7242-21e6b0a3f29b@rezozer.net>

Thanks Benoit for all the documentation work.
The package looks good to me.
Good catch for the audio link ; indeed lintian does not seem to handle <audio>
element (I sent a patch : https://bugs.debian.org/840009 )

As a side node, I'd advise you consider (report from check-all-the-things tool) :
- adding some upstream metadata: https://wiki.debian.org/UpstreamMetadata
- asking upstream to sign their release (debian-watch-may-check-gpg-signature)
  : https://wiki.debian.org/Creating%20signed%20GitHub%20releases
I still have to follow those advises for my packages :)

F.

On Fri, 7 Oct 2016 00:58:08 +0100, Jerome BENOIT <calculus@rezozer.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Hello,
> 
> On 05/10/16 13:26, Frederic Bonnard wrote:
> > Thanks Benoit/Ghislain,
> > indeed with experimental archive it's much better :)
> > 
> > Benoit,
> > my last point would be about privacy-breach-generic lintian.
> > You overrided it with :
> > --
> > N: The involved links are meant to illustrate URL examples, so it is meaningless
> > N: to bring the involved material in a local folder.
> > --
> > 
> > I agree that bringing stuff locally (as it is advised in the lintian
> > description) is useless when the goal is to show the code for how to embed
> > content of remote images/videos URLs.
> > Though I still think there's a breach, as loading the documentation makes your
> > browser connect to the internet, load images but also javascripts and so on, which
> > is originally the reason of this lintian definition (or let me know if I'm wrong).
> > Even if you point to DFSG-free ressources, you'll have your browser that will still
> > connect outside, and that's the issue in my understanding.
> > 
> > I've been thinking about this and reading your discussion with Paul Wise,
> > I came to the following idea : why not changing after generation the html (sed...) :
> > 
> > For images :
> > ---
> > -<img src="https://www.python.org/static/img/python-logo-large.png"/></div>
> > +<img src="about:blank" alt="This image : https://www.python.org/static/img/python-logo-large.png should be displayed, but it got removed because of https://lintian.debian.org/tags/privacy-breach-generic.html.";
> > ---
> > 
> > and for the embedded video :
> > 
> > ---
> >  <iframe
> >      width="400"
> >      height="300"
> > -    src="https://www.youtube.com/embed/WAikxUGbomY";
> > +    src="about:blank"
> >      frameborder="0"
> >      allowfullscreen
> > +    srcdoc="This video : https://www.youtube.com/embed/WAikxUGbomY should be displayed, but it got removed because of https://lintian.debian.org/tags/privacy-breach-generic.html.";
> >  ></iframe></div>
> > ---
> > 
> > That way, you'll keep the source code example clean, and despite the fact the html
> > is modified, the user reading the documentation will still understand the example, what
> > it should do, what is displayed and altered and why.
> > Ok the documentation html code is modified but the goal of the doc is to get
> > the idea of the use (source code) and visual result (rather than html output that got modified)
> > I also thought of playing with Content-Security-Policy in <meta> of the document to block
> > all outside connections but, I'm not sure all browser implement this correctly.
> > It's also less understable for the reader to understand why things disappeared (except
> > if this "framework" have information facilities). But it would be very good to fix
> > all the privacy-breach-generic in a general manner.
> 
> 
> When I wrote the lintian override, I have in mind beside the HTML output the ipynb input,
> only the former is taken into account by lintian.
> Meanwhile, I relized that lintian was not able to point out an audio privacy-breatch..
> 
> Anyway, I brought the suggested material. The hard part was the refreshment of the debian/copyright file:
> it is getting large.
> 
> I hope the package is fine now.
> 
> Thanks,
> Jerome
> 
> 
> 
> > 
> > 
> > F.
> > 
> 
> - -- 
> Jerome BENOIT | calculus+at-rezozer^dot*net
> https://qa.debian.org/developer.php?login=calculus@rezozer.net
> AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B
> -----BEGIN PGP SIGNATURE-----
> 
> iQQcBAEBCgAGBQJX9uUQAAoJED+SGaZ/NsaL7W8f/i7CCIYZzleqbHqaCn1Hhz7V
> rCfXDVGuIfVsYoRQrFZX/w7DMOX6teiwwlOTiD4kwZc8YcwX+4E+ZkaHx4zCvqii
> QqFIXUWiVgJ+Z0+ZMdMi1X+ef708K5M/92iAKWBPFp6F2Kri7qJQsTwkrsVRMt7k
> RaldggeFiNTJfKqZFp6kLlh8acSFHOdccQ8/EAnBUT1Uz6xByWRofl1JA09zncZ/
> 4U7SaOH6p9Cfa3xa9SAN++BFDmOMjJ/J6NlJ6ieXg9+LV213l7WbU/hxD+YANtRu
> hICHZhvTNmX66S95nZKuPqCwla+CIEByO9p/973ocrrtQPktdyg+b8AV0vrkkxDA
> JmBxKiR3rwQs9oaN7er9zj2H97jMMJhH5THBbdWxXTSAAE645+x9G7M8sIq3CAxB
> feTaaXVElye8sKAU4PyI9smJrHs8GBKxmBWzf3hwsc+f11FjT7vgnt3NRTLs5oFH
> xN2xy/tvWAucnJXH7he7fJ+M9yh7jDidXlhS5NbzNrB5JeUdWkZL4mUGKS7sloXh
> KsGzaQ3OyaILpq4o79KGzl0vvYpxGLngTOlb+IITqsZVEVIwcW9CN4mr9bH7hLKt
> vzn9mEteOG3nADvQdUaBmJveuT5TcsHLE87rofCCjyo5LXzdzC0Ydtiph9UfDNX+
> pxBoEC/gCDSgEzQXSWGCbpkme3ZOlC1HK6vvp3g9lmoK0PO+a3yXvuxb+L36ixxL
> esWs92+kZUjPVcECdj7/cbGQIXxmMwUrBMmDB4qcjvlCt1KX0fyykFRgBGLINK3z
> MOtAX/WhLoWbLDiZDSwZQxdq5AafSOQKOV03feOjlTwS2/BHYGEHedRTaHWPI56o
> lavs3dlTqsEngb5U5mL6qwMWEJXD3tTDccH72+ZwTzIHtnZ/t0XdcXd4aeMOWXGY
> 6rwkoGo4xaqDsCCzEeE86gJFWgT4qyOuKtg+Z9TvUg206W+FpGNeHl8UhuRra7dc
> e/sZ+lMEo9N8X4VIj/xNzh4JFFxSnjTERXWw64FgyXZwW/PKx2PzTZ2U/mw1yEXz
> emsJjnTom+MYCA0lgmx1n5lTSB40I3Z7C0Wyz9sUBXmOA3rXND5GfqiFHnmuoQmV
> LBrLscpjQumCjDGkIOy8gw6CUTRsAKYP/8+Co0pxqkKyygM80FG3myOuMsTtox4+
> HJ3IKKXMufFFloebFSVOgwt6N5HsmoQP30iz6mLdRWzpJVPP/Fehe4DjoER8XcJK
> toICHz2XahUGW2yVtam7BF0AbqtOMEsfW/TN+SGiOTxtcrwV9ANnNwWrn/0m6ssH
> F1xkL4M91HwwWl/uPoRF9jUsHgotxWbdvaTamDokMCzxseiDPVHzUPEHPMcsSc8=
> =6IoF
> -----END PGP SIGNATURE-----
>

Reply to:

Follow-Ups:
- Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx
  - From: Jerome BENOIT <calculus@rezozer.net>

References:
- Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx
  - From: Frederic Bonnard <frediz@linux.vnet.ibm.com>
- Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx
  - From: Jerome BENOIT <calculus@rezozer.net>
- Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx
  - From: Frederic Bonnard <frediz@linux.vnet.ibm.com>
- Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx
  - From: Jerome BENOIT <calculus@rezozer.net>

Prev by Date: Re: Version comparison with "+repack"
Next by Date: Bug#840011: RFS (on ITP): node-typescript/2.0.5-1
Previous by thread: Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx
Next by thread: Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx
Index(es):
- Date
- Thread