Bug#964496: libjson-validator-perl: URL is gone, this is now RC

[Andrius Merkys]

Hi Wouter,

On 2020-12-03 11:43, Wouter Verhelst wrote:
> On Mon, Nov 30, 2020 at 01:00:46PM +0200, Andrius Merkys wrote:
>> On 2020-11-29 18:59, Wouter Verhelst wrote:
>>> This bug is still present. Additionally, the URL for the OpenAPI JSON
>>> scheme now returns a 404 error, which means that any software using
>>> OpenAPI on Debian with this bug present will fail to function correctly.>
>>> Please fix this bug before the release of bullseye.
>>
>> While I agree that this is an important issue, I do not think severity
>> "serious" is appropriate here. It is true that the upstream provides
>> caching mechanism, but any URL may become offline, and a general
>> approach to prevent failures in such cases is to use Debian-packaged
>> files.
> 
> ... which is exactly what this bug report is talking about, so I don't
> understand?

I wasn't over yet at that point.

>> With OpenAPI schemas provided in openapi-specification binary
>> package, this is as simple as replacing OpenAPI URLs with
>> /usr/share/openapi-specification/schemas/$VERSION/schema.json in the
>> using code.

Here I was. What I wanted to say is that having full paths is more
general and more stable than relying on some ad-hoc caching solution.

> Unfortunately, that doesn't work very if the code in question is also
> packaged (because upgrades would blow those changes away, yada yada).

True, but patches, if few and small, are not that expensive to maintain.

>> By the way, could you please provide OpenAPI URL that returns 404 now?
> 
> That would be https://spec.openapis.org/oas/3.0/schema/2019-04-02

I asked upstream and got the reply that schema URLs are not supposed to
be stable, or resolvable at all [1]. Knowing this, now I understand the
importance of caching and of this issue. The caching hash function seems
to be simple md5sum. I will fix this ASAP.

[1] https://github.com/OAI/OpenAPI-Specification/issues/2420

Best,
Andrius