[Debian-med-packaging] Bug#1003977: cwltool: privacy leak with option --print-doc
Michael R. Crusoe
crusoe at debian.org
Wed Jan 19 11:11:00 GMT 2022
Control: forwarded -1
https://github.com/common-workflow-language/schema_salad/issues/510
On Tue, 18 Jan 2022 21:48:01 +0100 Jonas Smedegaard <dr at jones.dk> wrote:
> Package: cwltool
> Version: 3.1.20211104071347-3
> Severity: important
>
> Web pages produced with `cwltool --print-doc` contains links to only
> resources, revealing when users render the document in a regular web
> browser - or fails to produce intended layout if rendering while offline.
I think you mean `schema-salad-tool --print-doc`, yes? Agreed, this is
not great.
I opened an issue about this upstream (where I am also the maintainer).
A pull request to fix this would be very welcome!
>
> For inspiration, the tool pandoc by default (as packaged in Debian,
> upstream defaults differ) links against local system-shared resources,
> with an option for each resource to instead link to an online instance
> of the user's own choice.
>
> Jonas
--
Michael R. Crusoe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20220119/4bed6bab/attachment.sig>
More information about the Debian-med-packaging
mailing list