Updating nbconvert : problems with privacy breaches
Hi,
looking into finishing packaging nbconvert's latest version (thanks
Ondřej Nový and Gordon Ball for the help!), lintian had quite a few
complaints about privacy breaches:
W: python-nbconvert-doc: privacy-breach-generic
usr/share/doc/python-nbconvert-doc/html/customizing.html [<script
src="https://cdnjs.cloudflare.com/ajax/libs/require.js/2.1.10/require.min.js">]
(https://cdnjs.cloudflare.com/ajax/libs/require.js/2.1.10/require.min.js)
E: python-nbconvert-doc: privacy-breach-uses-embedded-file
usr/share/doc/python-nbconvert-doc/html/customizing.html You may use the
libjs-jquery package.
(https://cdnjs.cloudflare.com/ajax/libs/jquery/2.0.3/jquery.min.js)
E: python-nbconvert-doc: privacy-breach-uses-embedded-file
usr/share/doc/python-nbconvert-doc/html/customizing.html You may use the
libjs-mathjax package.
(https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/mathjax.js?config=tex-ams_html)
And indeed grepping the source code, there are a few places with links
to cloudflare.com :
./docs/source/customizing.ipynb: " <script
src=\"https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.0/MathJax.js?config=TeX-AMS_HTML\"></script>\n",
./nbconvert/postprocessors/serve.py: reveal_cdn =
Unicode("https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.5.0",
./nbconvert/exporters/slides.py: return
'https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.5.0'
./nbconvert/exporters/slides.py:
"https://cdnjs.cloudflare.com/ajax/libs/require.js/2.1.10/require.min.js",
./nbconvert/exporters/slides.py:
"https://cdnjs.cloudflare.com/ajax/libs/jquery/2.0.3/jquery.min.js",
./nbconvert/exporters/slides.py:
"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css",
./nbconvert/templates/html/full.tpl:<script
src="https://cdnjs.cloudflare.com/ajax/libs/require.js/2.1.10/require.min.js"></script>
./nbconvert/templates/html/full.tpl:<script
src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
./nbconvert/templates/html/mathjax.tpl:{%- macro
mathjax(url='https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS_HTML')
-%}
Touching docs/source/customizing.ipynb to patch out cloudflare links
should be ok : it's the source of customizing.html, which ends up in
python-nbconvert-doc and is directly used on a Debian system. I don't
break anything by patching it.
But the other files... it's about changing the exporters and templates
during document generation ; and the resulting files might then get used
on non-Debian systems. In short : if I tamper with them to use Debian
local packages, that basically means nbconvert in Debian will produce
broken documents.
Perhaps patching customizing.html after it was built (using sed
magic...) is an acceptable solution?
Since I don't feel sure about my course of action, I thought it would be
better to ask for advice and ideas here.
Cheers,
jpuydt on irc.debian.org
Reply to: