[pkg-crosswire-devel] Bug#1023373: Further bug discussion

Teus Benschop teusjannette at gmail.com
Sat Nov 5 15:44:34 GMT 2022 

Hi Bastian,

Thank you for the further clarification.

You wrote:
> 1) For dealing with non-source files see §4.16.

Paragraph 4.16 of the DPM [1] does not mention “non-source files”.
It is about “missing sources”.
There was a bug report on this issue [2].
The file "quill/source/docs/_includes/analytics.html” landed in the Bibledit source to fix that bug.

[1] https://www.debian.org/doc/debian-policy/ch-source.html#missing-sources-debian-missing-sources
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017083

You wrote:
> 2) The script calls https://www.google-analytics.com/analytics.js which is a privacy breach.
>     I do not know the Policy section which applies to this but it is certainly a violation of the social contract,
>     which says: "Our priorities are our users and free software”.

You are correct that the file "quill/source/docs/_includes/analytics.html” makes a call to Google Analytics.
But I also see that this call is never executed by Bibledit.
The call to Google Analytics can even never be made by Bibledit, because this call is not found in the file “quill.min.js|.
This is the final minified version from Quill that Bibledit uses.
Therefore when referring to the social contract, where it says “Our priorities are our users and free software”,
Bibledit does prioritise the users and free software in this context.
Because Bibledit never calls Google Analytics.

After thinking over all these things, it now becomes even more unclear to me what the exact bug is that this report is about.

My questions are:
1. Since there’s no policy violation, and no violation of the social contract, and no functional error, what exactly is the bug?
2. Since there’s no violation of policy or social contract, and the package is not unfit for release, why has this bug been tagged release critical?

A few suggestion are these:
1. To no longer make this bug release critical.
2. Perhaps make this bug a wishlist item instead.
3. Perhaps close this bug since there’s no bug found yet.

You wrote:
> You should really have a look at the lintian output.
> There are more privacy-breach-generic tagged errors in the quill files.
> Those should be addressed as well.
 
I agree with you, and have had a look a couple of times, now and in the past.
I agree that these should be addressed too.

Anyway, these are a few of my thoughts about this bug, and thank you for your eagerness to make Bibledit a perfect Debian package.

Teus.

More information about the pkg-crosswire-devel mailing list