Bug#738101: RFS: awstats/7.3+dfsg-1

To: Paul Wise <pabs@debian.org>
Cc: 738101@bugs.debian.org
Subject: Bug#738101: RFS: awstats/7.3+dfsg-1
From: Sergey B Kirpichev <skirpichev@gmail.com>
Date: Mon, 17 Feb 2014 15:07:48 +0400
Message-id: <[🔎] 20140217110748.GA2210@darkstar.order.hcn-strela.ru>
Reply-to: skirpichev@gmail.com, 738101@bugs.debian.org
In-reply-to: <[🔎] 1392600972.1141.48.camel@chianamo>
References: <52BEEC55.5000705@debian.org> <[🔎] 20140207182937.GA20493@darkstar.order.hcn-strela.ru> <[🔎] CAKTje6HUzSG8BfPaiXcNU_z1p8yCMiDhLJzTNjKjQ+pbtT_SNw@mail.gmail.com> <[🔎] 20140208102540.GA12454@darkstar.order.hcn-strela.ru> <[🔎] CAKTje6EYwddfdqLGqoziMkaOuZJH_aLO3kMr=s5OPEoBkD7e-g@mail.gmail.com> <[🔎] 20140216111906.GA15197@darkstar.order.hcn-strela.ru> <[🔎] 1392600972.1141.48.camel@chianamo>

On Mon, Feb 17, 2014 at 09:36:12AM +0800, Paul Wise wrote:
> On Sun, 2014-02-16 at 15:19 +0400, Sergey Kirpichev wrote:
> 
> > I hope, that's fixed in:
> > http://anonscm.debian.org/gitweb/?p=collab-maint/awstats.git;a=commit;h=9c8f27ceb7f9490387a32b9fb2f45b21f69f853d
> 
> It doesn't have any privacy issues, but:
> 
> It is utterly pointless to include a 1x1 tracking gif in a source
> package. The whole point of 1x1 GIFs is privacy violation

Yeah, probably it's so.  Removed.  Package on m.d.n was updated.

I was under impression what this is to workaround some formatting issues with some ancient browsers.

> Not sure if it makes sense to have <input type="image"> without the
> image in it. Please replace that with type="submit" and drop the border.
> 
> > Could you kindly provide a more detailed *technical*
> > suggestion in this case (facebook patch)?
> 
> This has PHP code for computing the URL but it should be easy to replace
> that part with a link to the page @ http://awstats.sourceforge.net/docs/
> 
> https://stackoverflow.com/questions/10988815/facebook-twitter-and-google-1-buttons-using-only-html-no-javascript

I don't sure if that does exactly what removed js is supposed to do.

https://developers.facebook.com/docs/plugins/like-button
asks to login, so I'll wait for a while, until this will not change...

btw, I doubt that this whole idea is working for urls like file:///usr/share/doc/...

> > It's not reasonable to believe, that every maintainer would read all
> > provided in the package *.html files in a regular way to find and fix
> > such problems.  Without automation - it's just a waste of time.
> 
> I didn't mention detection at all.

If not all - that's mostly useless.

> My objection was that your message
> implied you wouldn't fix these issues I detected and informed you about
> until lintian was fixed to detect the issues I detected manually.
> Sorry if I wasn't clear enough about that.

No, that was very clear.

> I see that index.html has a privacy violation in the form of a Google
> SiteSearch JavaScript. Lintian doesn't detect it, filing a bug about it.

But it's removed in the last patch, isn't?

> BTW, it might be appropriate to forward your patches upstream too since
> having them online is also a privacy violation because browsers load
> JavaScript and images by default.

I will try to do this.

Reply to:

Follow-Ups:
- Bug#738101: RFS: awstats/7.3+dfsg-1
  - From: Paul Wise <pabs@debian.org>

References:
- Bug#738101: RFS: awstats/7.3+dfsg-1
  - From: Sergey Kirpichev <skirpichev@gmail.com>
- Bug#738101: RFS: awstats/7.3+dfsg-1
  - From: Paul Wise <pabs@debian.org>
- Bug#738101: RFS: awstats/7.3+dfsg-1
  - From: Sergey B Kirpichev <skirpichev@gmail.com>
- Bug#738101: RFS: awstats/7.3+dfsg-1
  - From: Paul Wise <pabs@debian.org>
- Bug#738101: RFS: awstats/7.3+dfsg-1
  - From: Sergey Kirpichev <skirpichev@gmail.com>
- Bug#738101: RFS: awstats/7.3+dfsg-1
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Processed: Re: Bug#738683: RFS: hexchat/2.9.6.1-1 [ITP]
Next by Date: Processed: retitle to RFS: hexchat/2.9.6.1-2a [ITP]
Previous by thread: Bug#738101: RFS: awstats/7.3+dfsg-1
Next by thread: Bug#738101: RFS: awstats/7.3+dfsg-1
Index(es):
- Date
- Thread