Bug#903428: javadocs generated by javahelper include jquery
tony mancill
tmancill at debian.org
Sat Aug 11 19:12:32 BST 2018
On Sat, Aug 11, 2018 at 10:12:03AM +0200, Markus Koschany wrote:
> FTR: I have talked to Matthias Klose (doko) at DebConf18 about the
> embedding of jquery into javadoc packages. He pointed me to a similar
> discussion in doxygen which also embeds jquery while building doc packages.
>
> In short he doesn't consider it to be a worthwhile task because there is
> a risk of breaking the documentation when Debian's system jquery version
> is either too old or too new. The security risk of embedding jquery is
> also rather low in this case because the documentation is static in
> contrast to web applications and it is unlikely that users would be
> affected by jquery vulnerabilities.
>
> README.jquery in doxygen explains the problem in more detail.
>
> https://sources.debian.org/src/doxygen/1.8.13-10/debian/README.jquery/
>
> All in all there is no chance that a patch to change the current
> situation would be accepted, hence I no longer intend to spend time on it.
Hi Markus,
I'm glad that you were able to discuss this directly with Matthias, and
thank you for sharing the gist of that conversation. For our sanity, I
will take a look to see if we can get the severity of the lintian
warning [1] reduced to some lower level (pedantic?) or completely
ignored for javadoc packages.
Cheers,
tony
[1] https://lintian.debian.org/tags/embedded-javascript-library.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20180811/e6963b0c/attachment.sig>
More information about the pkg-java-maintainers
mailing list