[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#838870: RFS: nbsphinx/0.2.9+ds-1 [ITP] -- Jupyter Notebook Tools for Sphinx

Thanks Benoit/Ghislain,
indeed with experimental archive it's much better :)

Benoit,
my last point would be about privacy-breach-generic lintian.
You overrided it with :
--
N: The involved links are meant to illustrate URL examples, so it is meaningless
N: to bring the involved material in a local folder.
--

I agree that bringing stuff locally (as it is advised in the lintian
description) is useless when the goal is to show the code for how to embed
content of remote images/videos URLs.
Though I still think there's a breach, as loading the documentation makes your
browser connect to the internet, load images but also javascripts and so on, which
is originally the reason of this lintian definition (or let me know if I'm wrong).
Even if you point to DFSG-free ressources, you'll have your browser that will still
connect outside, and that's the issue in my understanding.

I've been thinking about this and reading your discussion with Paul Wise,
I came to the following idea : why not changing after generation the html (sed...) :

For images :
---
-<img src="https://www.python.org/static/img/python-logo-large.png"/></div>
+<img src="about:blank" alt="This image : https://www.python.org/static/img/python-logo-large.png should be displayed, but it got removed because of https://lintian.debian.org/tags/privacy-breach-generic.html.";
---

and for the embedded video :

---
 <iframe
     width="400"
     height="300"
-    src="https://www.youtube.com/embed/WAikxUGbomY";
+    src="about:blank"
     frameborder="0"
     allowfullscreen
+    srcdoc="This video : https://www.youtube.com/embed/WAikxUGbomY should be displayed, but it got removed because of https://lintian.debian.org/tags/privacy-breach-generic.html.";
 ></iframe></div>
---

That way, you'll keep the source code example clean, and despite the fact the html
is modified, the user reading the documentation will still understand the example, what
it should do, what is displayed and altered and why.
Ok the documentation html code is modified but the goal of the doc is to get
the idea of the use (source code) and visual result (rather than html output that got modified)
I also thought of playing with Content-Security-Policy in <meta> of the document to block
all outside connections but, I'm not sure all browser implement this correctly.
It's also less understable for the reader to understand why things disappeared (except
if this "framework" have information facilities). But it would be very good to fix
all the privacy-breach-generic in a general manner.


F.
Reply to: