[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updating nbconvert : problems with privacy breaches

Hi,
looking into finishing packaging nbconvert's latest version (thanks Ondřej Nový and Gordon Ball for the help!), lintian had quite a few complaints about privacy breaches:
W: python-nbconvert-doc: privacy-breach-generic usr/share/doc/python-nbconvert-doc/html/customizing.html [<script src="https://cdnjs.cloudflare.com/ajax/libs/require.js/2.1.10/require.min.js";>] (https://cdnjs.cloudflare.com/ajax/libs/require.js/2.1.10/require.min.js) E: python-nbconvert-doc: privacy-breach-uses-embedded-file usr/share/doc/python-nbconvert-doc/html/customizing.html You may use the libjs-jquery package. (https://cdnjs.cloudflare.com/ajax/libs/jquery/2.0.3/jquery.min.js) E: python-nbconvert-doc: privacy-breach-uses-embedded-file usr/share/doc/python-nbconvert-doc/html/customizing.html You may use the libjs-mathjax package. (https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/mathjax.js?config=tex-ams_html)
And indeed grepping the source code, there are a few places with links to cloudflare.com :
./docs/source/customizing.ipynb: " <script src=\"https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.0/MathJax.js?config=TeX-AMS_HTML\";></script>\n", ./nbconvert/postprocessors/serve.py: reveal_cdn = Unicode("https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.5.0";, ./nbconvert/exporters/slides.py: return 'https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.5.0' ./nbconvert/exporters/slides.py: "https://cdnjs.cloudflare.com/ajax/libs/require.js/2.1.10/require.min.js";, ./nbconvert/exporters/slides.py: "https://cdnjs.cloudflare.com/ajax/libs/jquery/2.0.3/jquery.min.js";, ./nbconvert/exporters/slides.py: "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css";, ./nbconvert/templates/html/full.tpl:<script src="https://cdnjs.cloudflare.com/ajax/libs/require.js/2.1.10/require.min.js";></script> ./nbconvert/templates/html/full.tpl:<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.0.3/jquery.min.js";></script> ./nbconvert/templates/html/mathjax.tpl:{%- macro mathjax(url='https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS_HTML') -%}
Touching docs/source/customizing.ipynb to patch out cloudflare links should be ok : it's the source of customizing.html, which ends up in python-nbconvert-doc and is directly used on a Debian system. I don't break anything by patching it.
But the other files... it's about changing the exporters and templates during document generation ; and the resulting files might then get used on non-Debian systems. In short : if I tamper with them to use Debian local packages, that basically means nbconvert in Debian will produce broken documents.
Perhaps patching customizing.html after it was built (using sed magic...) is an acceptable solution?
Since I don't feel sure about my course of action, I thought it would be better to ask for advice and ideas here. 

Cheers,

jpuydt on irc.debian.org
Reply to: