[Pkg-giraffe-discuss] current state on zarafa-webapp

Guido Günther agx at sigxcpu.org
Sat Jun 13 11:33:58 UTC 2015


On Fri, Jun 12, 2015 at 06:42:38PM +0200, Carsten Schoenert wrote:
> Hello,
> 
> I just want to give the current state for the packaging of the
> zarafa-webapp packages as there were some small but detailed changes
> happening.
> 
> Jelle has fixed two issues this week, the old packaging behavior was
> always linking a config.php into /etc/package even if the package hasn't
> a config.php.
> Jelle has also extended the package descriptions so we are now down to
> two Lintian warnings left!
> 
> > $ lintian -IE ../zarafa-webapp_2.0.2-2_amd64.changes
> > E: zarafa-webapp source: license-problem-bad-php-license debian/copyright

I think this one is not that wrong:

> > I: zarafa-webapp-clockwidget:
> > extended-description-is-probably-too-short

----
This package is a plugin for zarafa-webapp, a web interface for the
Zarafa groupware suite.
.
The plugin extends the application's dashboard with a display of a
clock.
-----


> > N: 7 tags overridden (4 warnings, 3 info)
> 
> The error should go away with a new upstream version from Zarafa as
> the remaining file with that license is also gone. Just for
> clarification, the file 'plugins/spreed/php/dat/legacy/timezones.inc' is
> under the PHP-2.02 license.
> 
> Jelle wants to have a closer look at how to get rid of that file. Thanks.
> 
> The other information is ... just information, we can override this
> Lintian warning as there is nothing really that could be extended here I
> think.
> 
> There are 7 overrides already set.

I just had a look at these:

These shouldn't be overridden.

zarafa-webapp-files: script-not-executable usr/share/zarafa-webapp/plugins/files/php/Files/sabredav/vendor/sabre/vobject/bin/bench.php
zarafa-webapp-files: script-not-executable usr/share/zarafa-webapp/plugins/files/php/Files/sabredav/vendor/sabre/vobject/bin/generateicalendardata.php
zarafa-webapp-files: script-not-executable usr/share/zarafa-webapp/plugins/files/php/Files/sabredav/vendor/sabre/vobject/bin/vobjectvalidate.php

The scripts all have a '#!/usr/bin/env php' as first line. So either
they're meant to be executed (and therefore need executable bits set) or,
more likely, this line just needs to be removed. This will make lintian
happy and is IMHO more correct.

I think lintian is correct here too:

zarafa-webapp-files: privacy-breach-generic usr/share/zarafa-webapp/plugins/files/js/external/uxmediapak.js (http://go2.microsoft.com/fwlink/?linkid=108181)

The script is fetching external images, therefore giving away sensitive
data. We really should not do this. Simplest thing would be to not fetch
the image from an external site by either going for text only or by
embedding the image in the source code.

We can't do much about those:

zarafa-webapp: font-in-non-font-package usr/share/zarafa-webapp/client/tinymce/skins/lightgray/fonts/tinymce-small.ttf
zarafa-webapp: font-in-non-font-package usr/share/zarafa-webapp/client/tinymce/skins/lightgray/fonts/tinymce.ttf
zarafa-webapp: embedded-javascript-library usr/share/zarafa-webapp/client/tinymce/plugins/compat3x/tiny_mce_popup.js please use tinymce

but I wouldn't override them. This just hides the problem that we're
unable to use the packaged tinymce. Is there a bug that asks for a
tinymce update? If so I'd reference this in that file so we can track
the progress. It seems at least wordpress shares our fate on that one.

> > $ cat debian/*.lintian-overrides
> > # this is a link to a PNG file for Microsoft Silverlight
> > zarafa-webapp-files: privacy-breach-generic usr/share/zarafa-webapp/plugins/files/js/external/uxmediapak.js (http://go2.microsoft.com/fwlink/?linkid=108181)
> > # these scripts doesn't need to be executable
> > zarafa-webapp-files: script-not-executable usr/share/zarafa-webapp/plugins/files/php/Files/sabredav/vendor/sabre/vobject/bin/bench.php
> > zarafa-webapp-files: script-not-executable usr/share/zarafa-webapp/plugins/files/php/Files/sabredav/vendor/sabre/vobject/bin/generateicalendardata.php
> > zarafa-webapp-files: script-not-executable usr/share/zarafa-webapp/plugins/files/php/Files/sabredav/vendor/sabre/vobject/bin/vobjectvalidate.php
> > # We have to use the tinymce package that's shipped from upstream, the
> > # Debian version 3.8.4 is to old.
> > zarafa-webapp: font-in-non-font-package usr/share/zarafa-webapp/client/tinymce/skins/lightgray/fonts/tinymce-small.ttf
> > zarafa-webapp: font-in-non-font-package usr/share/zarafa-webapp/client/tinymce/skins/lightgray/fonts/tinymce.ttf
> > zarafa-webapp: embedded-javascript-library usr/share/zarafa-webapp/client/tinymce/plugins/compat3x/tiny_mce_popup.js please use tinymce
> > # this empty directory is still a issue, has to be sorted out
> > zarafa-webapp: package-contains-empty-directory usr/share/zarafa-webapp/plugins/
> > zarafa-webapp-xmpp: package-contains-broken-symlink usr/share/zarafa-webapp/plugins/xmpp/jsjac ../../../javascript/jsjac
> 
> Maybe there is something more that could be done to solve those
> overrides. Maybe the *.php files should drop the shebang that is set,
> otherwise I don't really know if they otherwise must have execution
> rights.
> The tinymce issue won't go away in the near time before someone is
> creating and uploading the new upstream version for Debian.

See above.
Cheers,
 -- Guido
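
The two findings discussed in this message (a shebang line on a file without an execute bit, and an external URL in shipped client-side code) can be checked on an unpacked package tree before upload. This is an added example, not part of the original e-mail and not lintian's own logic; the function names are hypothetical and the tree path passed on the command line is an assumption.

```shell
#!/bin/sh
# Added example: two pre-upload checks over an unpacked package tree.
# They approximate the intent of lintian's script-not-executable and
# privacy-breach-generic tags; they are not lintian's implementation.

# Print every regular file that starts with "#!" but lacks the owner
# execute bit. Such a file should either get +x or lose its shebang.
shebang_not_executable() {
    find "$1" -type f ! -perm -0100 | while IFS= read -r f; do
        # Only the first two bytes matter, so binaries are cheap to skip.
        if head -c 2 "$f" 2>/dev/null | LC_ALL=C grep -q '^#!'; then
            printf '%s\n' "$f"
        fi
    done
}

# Print "file:line:url" for each absolute http(s) URL in shipped
# JavaScript, HTML or CSS. Every hit is a candidate runtime fetch that
# would disclose the user's address and Referer to a third party and
# needs a manual look (comments and documentation links also match).
external_urls() {
    find "$1" -type f \
        \( -name '*.js' -o -name '*.html' -o -name '*.css' \) \
        -exec grep -HnoE "https?://[^\"' )<>]+" {} + || true
    # grep exits 1 when nothing matches; that is not an error here.
}

# Stand-alone use: sh check-tree.sh <unpacked-package-dir>
if [ "$#" -gt 0 ]; then
    echo "== shebang without execute bit =="
    shebang_not_executable "$1"
    echo "== external URLs in client-side files =="
    external_urls "$1"
fi
```
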


