Re: secure URIs for Vcs fields?
Hi, Christian,
على السبت 26 آذار 2016 12:36، كتب Christian T. Steigies:
> Hi,
> there is a lintian warning when you use Vcs fields as described in:
> http://debian-science.alioth.debian.org/debian-science-policy.html
>
> But the browser and git fields are working with this setting.
>
> When I follow the lintian recommendation
> "Note that you can often just exchange e.g. git:// with https:// for repositories."
> from this page
> https://lintian.debian.org/tags/vcs-field-uses-insecure-uri.html
>
> the way several packages have already done, ie:
>
> Vcs-Browser: https://anonscm.debian.org/cgit/debian-science/packages/calculix-ccx.git
> Vcs-Git: https://anonscm.debian.org/debian-science/packages/calculix-ccx.git
>
There should be a "git" before debian-science:
https://anonscm.debian.org/git/debian-science/....
> Vcs-Browser is working, however I think the Vcs-Git is not working:
>
> cts@bunny:~/t>git clone https://anonscm.debian.org/debian-science/packages/calculix-ccx.git
> Cloning into 'calculix-ccx'...
> fatal: repository 'https://anonscm.debian.org/debian-science/packages/calculix-ccx.git/' not found
>
> Or is it working, only I fail to understand it?
>
> I have already changed this for another package, following an octave-*
> package as example. This works (somehow) in the webbrowser, but not for git checkout
>
> https://alioth.debian.org/anonscm/git/collab-maint/madbomber.git/
>
I think this will get in trouble with lintian for being a non-canonical
URL (using alioth.debian.org instead of anonscm.debian.org).
> What is the recommended way (for debian-science packages) to handle Vcs-Git
> entries in a secure way?
>
You might have looked at a bad example, but try the corrected URL as I
explained above and see if it works for you.
regards
Afif
--
Afif Elghraoui | عفيف الغراوي
http://afif.ghraoui.name
Reply to: