[Python-apps-team] Bug#868049: pelican: privacy breach in "notmyidea" theme

Johannes Schauer josch at debian.org
Tue Jul 11 14:20:25 UTC 2017


Source: pelican
Version: 3.7.1-1
Severity: serious
Justification: Policy 2.2.1

The "notmyidea" theme shipped by the pelican package references several
files outside the archive. Specifically:

 - pelican/themes/notmyidea/static/css/main.css imports
   https://fonts.googleapis.com/css?family=Yanone+Kaffeesatz&subset=latin

 - pelican/themes/notmyidea/templates/base.html includes the script
   https://html5shiv.googlecode.com/svn/trunk/html5.js

When using packages from Debian main, the expectation is, that the
software does not breach a user's privacy in its default settings. Thus,
above problems must be fixed if this package should stay in "main".

Thanks!

cheers, josch



More information about the Python-apps-team mailing list