Bug#868047: pelican ships non-free files

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#868047: pelican ships non-free files

Johannes Schauer-3
Source: pelican
Version: 3.7.1
Severity: serious
Justification: Policy 2.2.1

The directory pelican/themes/notmyidea/static/images/icons/ is full of
non-free files which need to be removed.

Reply | Threaded
Open this post in threaded view
|

Bug#868047: pelican ships non-free files

Ben Finney-3
Control: tags -1 + patch

On 11-Jul-2017, Johannes Schauer wrote:

> The directory pelican/themes/notmyidea/static/images/icons/ is full
> of non-free files which need to be removed.

I have generated some replacement iconds (blocks of colour) and a
patch series that removes and replaces those images in the source
package. The patch series is attached to this message.

--
 \                    “It's all in the mind, you know.” —The Goon Show |
  `\                                                                   |
_o__)                                                                  |
Ben Finney <[hidden email]>

0001-Rewrite-the-UScan-configuration-for-format-version-4.patch (1K) Download Attachment
0002-Configure-UScan-to-re-pack-the-upstream-source.patch (1K) Download Attachment
0003-Specify-files-excluded-because-they-lack-free-softwa.patch (2K) Download Attachment
0004-Document-that-we-are-closing-a-Severity-high-bug.patch (1K) Download Attachment
0005-Add-substitute-icons-for-the-notmyidea-theme.patch (15K) Download Attachment
0006-Install-substitute-icon-images-for-notmyidea-theme.patch (3K) Download Attachment
signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Processed: Re: Bug#868047: pelican ships non-free files

Debian Bug Tracking System
In reply to this post by Johannes Schauer-3
Processing control commands:

> tags -1 + patch
Bug #868047 [src:pelican] pelican ships non-free files
Added tag(s) patch.

--
868047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868047
Debian Bug Tracking System
Contact [hidden email] with problems

Reply | Threaded
Open this post in threaded view
|

Bug#868047: Intent to NMU: pelican/3.7.1+dfsg.1-1

Ben Finney-3
In reply to this post by Ben Finney-3
Control: tags -1 + pending

Given that both these (bug#868049, bug#868047) are Severity: serious,
the ‘pelican’ package is scheduled for removal from “testing” very
soon.

I have a Git repository to develop release “3.7.1+dfsg.1-1”
<URL:https://anonscm.debian.org/git/users/bignose/debian/pkg-pelican.git/>.

If there is no substantive objection before my evening today (Tue
2017-08-08 UTC+10:00), I will do a Non-Maintainer Upload of the
release I have prepared, incorporating the patches to fix these bugs
to allow the package to remain.

--
 \       “The apparent lesson of the Inquisition is that insistence on |
  `\         uniformity of belief is fatal to intellectual, moral, and |
_o__)    spiritual health.” —_The Uses Of The Past_, Herbert J. Muller |
Ben Finney <[hidden email]>

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Processed: Intent to NMU: pelican/3.7.1+dfsg.1-1

Debian Bug Tracking System
In reply to this post by Johannes Schauer-3
Processing control commands:

> tags -1 + pending
Bug #868047 [src:pelican] pelican ships non-free files
Added tag(s) pending.

--
868047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868047
Debian Bug Tracking System
Contact [hidden email] with problems

Reply | Threaded
Open this post in threaded view
|

Processed: Intent to NMU: pelican/3.7.1+dfsg.1-1

Debian Bug Tracking System
In reply to this post by Ben Finney-3
Processing control commands:

> tags -1 + pending
Bug #868049 [src:pelican] pelican: privacy breach in "notmyidea" theme
Added tag(s) pending.

--
868049: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868049
Debian Bug Tracking System
Contact [hidden email] with problems

Reply | Threaded
Open this post in threaded view
|

Bug#868049: [Python-apps-team] Bug#868049: Intent to NMU: pelican/3.7.1+dfsg.1-1

Vincent Cheng-2
In reply to this post by Ben Finney-3
Hi Ben,

On Mon, Aug 7, 2017 at 4:24 PM, Ben Finney <[hidden email]> wrote:

> Control: tags -1 + pending
>
> Given that both these (bug#868049, bug#868047) are Severity: serious,
> the ‘pelican’ package is scheduled for removal from “testing” very
> soon.
>
> I have a Git repository to develop release “3.7.1+dfsg.1-1”
> <URL:https://anonscm.debian.org/git/users/bignose/debian/pkg-pelican.git/>.
>
> If there is no substantive objection before my evening today (Tue
> 2017-08-08 UTC+10:00), I will do a Non-Maintainer Upload of the
> release I have prepared, incorporating the patches to fix these bugs
> to allow the package to remain.

NACK from maintainer.

Shipping a broken theme by default would be a disservice to our users
(yes, I consider replacing social media images in the default theme
with nondescript images to be completely broken behaviour for end
users of the package). I'd much rather see the "notmyidea" theme
removed from the package (which is probably what I'll end up doing to
fix #868047), or pelican removed from the archive entirely.

As a side note, I object to #868049 being considered a RC bug. The
specified HTML file in the bug,
pelican/themes/notmyidea/templates/base.html, isn't even a valid HTML
file; it's merely a jinja template that will fail to open in any
browser as-is, so there's no way it can breach the privacy of the user
who installed the package (the user is not even expected to open the
files as-is in a web browser, as opposed to say, documentation
provided by doc packages). Arguing that the referenced HTML file has
the potential to be privacy-breaching (and thus RC-buggy) when used to
generate a blog with pelican is akin to arguing that gcc is RC-buggy
because it can be used to compile non-free, privacy-breaching
software, or apache/nginx is RC-buggy because it can be used to serve
up non-free, privacy-breaching data.

Regards,
Vincent

Reply | Threaded
Open this post in threaded view
|

Bug#868047: Intent to NMU: pelican/3.7.1+dfsg.1-1

Ben Finney-3
On 08-Aug-2017, Vincent Cheng wrote:
> Hi Ben,
>
> On Mon, Aug 7, 2017 at 4:24 PM, Ben Finney <[hidden email]> wrote:
> > If there is no substantive objection before my evening today (Tue
> > 2017-08-08 UTC+10:00), I will do a Non-Maintainer Upload of the
> > release I have prepared, incorporating the patches to fix these
> > bugs to allow the package to remain.
>
> NACK from maintainer.

ACK. I will not make the NMU release described above.

> Shipping a broken theme by default would be a disservice to our
> users (yes, I consider replacing social media images in the default
> theme with nondescript images to be completely broken behaviour for
> end users of the package). I'd much rather see the "notmyidea" theme
> removed from the package (which is probably what I'll end up doing
> to fix #868047), or pelican removed from the archive entirely.

Okay, I would rather act to see the package remain in Debian Buster as
free software, but I'm happy that you have a plan to bring it back.

Let me know if you'd like any particular help from me. For now, I'll
leave it to you as maintainer.

Thank you for responding to my somewhat urgent call on this :-)

--
 \         “Science is a way of trying not to fool yourself. The first |
  `\     principle is that you must not fool yourself, and you are the |
_o__)               easiest person to fool.” —Richard P. Feynman, 1964 |
Ben Finney <[hidden email]>

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#868047: Intent to NMU: pelican/3.7.1+dfsg.1-1

Ben Finney-3
In reply to this post by Vincent Cheng-2
Control: tags -1 - patch pending

On 08-Aug-2017, Vincent Cheng wrote:

> NACK from maintainer.

Okay. I'm removing the “patch” tag on these bug reports.

> I'd much rather see the "notmyidea" theme removed from the package
> (which is probably what I'll end up doing to fix #868047), or
> pelican removed from the archive entirely.
>
> As a side note, I object to #868049 being considered a RC bug.

I'm removing the “pending” tag on these bug reports, leaving it to the
maintainer to decide when to upload a corrected package.

--
 \        “The reason we come up with new versions is not to fix bugs. |
  `\                     It's absolutely not.” —Bill Gates, 1995-10-23 |
_o__)                                                                  |
Ben Finney <[hidden email]>

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Processed: Re: Intent to NMU: pelican/3.7.1+dfsg.1-1

Debian Bug Tracking System
In reply to this post by Johannes Schauer-3
Processing control commands:

> tags -1 - patch pending
Bug #868047 [src:pelican] pelican ships non-free files
Removed tag(s) patch and pending.

--
868047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868047
Debian Bug Tracking System
Contact [hidden email] with problems

Reply | Threaded
Open this post in threaded view
|

Processed: Re: Intent to NMU: pelican/3.7.1+dfsg.1-1

Debian Bug Tracking System
In reply to this post by Ben Finney-3
Processing control commands:

> tags -1 - patch pending
Bug #868049 [src:pelican] pelican: privacy breach in "notmyidea" theme
Removed tag(s) patch and pending.

--
868049: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868049
Debian Bug Tracking System
Contact [hidden email] with problems

Reply | Threaded
Open this post in threaded view
|

Bug#868047: marked as done (pelican ships non-free files)

Debian Bug Tracking System
In reply to this post by Johannes Schauer-3
Your message dated Sun, 13 Aug 2017 06:36:16 +0000
with message-id <[hidden email]>
and subject line Bug#868047: fixed in pelican 3.7.1+dfsg-1
has caused the Debian Bug report #868047,
regarding pelican ships non-free files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
868047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868047
Debian Bug Tracking System
Contact [hidden email] with problems

Source: pelican
Version: 3.7.1
Severity: serious
Justification: Policy 2.2.1

The directory pelican/themes/notmyidea/static/images/icons/ is full of
non-free files which need to be removed.

Source: pelican
Source-Version: 3.7.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
pelican, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Cheng <[hidden email]> (supplier of updated pelican package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 12 Aug 2017 23:01:00 -0700
Source: pelican
Binary: pelican pelican-doc python-pelican
Architecture: source all
Version: 3.7.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Applications Team <[hidden email]>
Changed-By: Vincent Cheng <[hidden email]>
Description:
 pelican    - blog aware, static website generator
 pelican-doc - blog aware, static website generator (documentation)
 python-pelican - transitional dummy package
Closes: 858859 868047 868049
Changes:
 pelican (3.7.1+dfsg-1) unstable; urgency=medium
 .
   * Remove notmyidea theme to avoid shipping non-free files, repacking tarball.
     (Closes: #868047, #868049, #858859)
     - Update debian/copyright and debian/lintian-overrides accordingly.
     - Add debian/patches/default_theme.patch to change default theme to
       "simple".
   * Update Standards version to 4.0.1.
     - Change python-pelican priority due to "extra" being deprecated.
Checksums-Sha1:
 7ee152931035b654de8912fe9e3315151f03e1e9 2354 pelican_3.7.1+dfsg-1.dsc
 54b84376fd0917d5707bbbde592ee00562ca08c3 752512 pelican_3.7.1+dfsg.orig.tar.gz
 1a1a533c0f09a297370acd825dc7ebf6c6fd9c94 16984 pelican_3.7.1+dfsg-1.debian.tar.xz
 2c3c361bf7d27648527a8d961527cf3c1ceddc9d 186348 pelican-doc_3.7.1+dfsg-1_all.deb
 8645744930565af796a28fd15fe9e78e3c2266f9 85926 pelican_3.7.1+dfsg-1_all.deb
 447d51ee2047ca727d37643b98e449fa78413915 7482 pelican_3.7.1+dfsg-1_amd64.buildinfo
 f29cd3d30af8486e833f37be53679f61e3093bda 19082 python-pelican_3.7.1+dfsg-1_all.deb
Checksums-Sha256:
 de55574c1a20e3694d64cf88187166735d8e2bd45933e348be5cc7a79ef2fb87 2354 pelican_3.7.1+dfsg-1.dsc
 84917a435afd77a9acba24efff7580e698446a8221f7dcd4dedd8ebb284d7f1d 752512 pelican_3.7.1+dfsg.orig.tar.gz
 a1d2036ed2a47bcbacc055911663387071bf4164268ccb055623ed1d2a24554d 16984 pelican_3.7.1+dfsg-1.debian.tar.xz
 409dd3204f00aa0597ff4798b522fbb1392bd80a170c1faf4fb694ce0889ace2 186348 pelican-doc_3.7.1+dfsg-1_all.deb
 7309781b921e4cc182796e93327272e6a7253661cdbbe0f73380c526640fb8e2 85926 pelican_3.7.1+dfsg-1_all.deb
 8d916dd6bbfbfbb8f203c9598a897452fb5f36c8566db26111a5e2858a4f2eb6 7482 pelican_3.7.1+dfsg-1_amd64.buildinfo
 4e94a49f8fffb6603ed330e26e7c01ed654ac0b9e8f61f9b1fdefba332b3dd18 19082 python-pelican_3.7.1+dfsg-1_all.deb
Files:
 6f6b235478660945dfacf98e3f3a635c 2354 web optional pelican_3.7.1+dfsg-1.dsc
 46502d8c9b7f8be6576f3c0cf34b43a5 752512 web optional pelican_3.7.1+dfsg.orig.tar.gz
 0281dab9558db2adb2c4773457246b37 16984 web optional pelican_3.7.1+dfsg-1.debian.tar.xz
 6977b31e0f80106c5a56d03988d40c60 186348 doc optional pelican-doc_3.7.1+dfsg-1_all.deb
 26a7d350cd8bf70dc74623bed599b7ac 85926 web optional pelican_3.7.1+dfsg-1_all.deb
 0e1d35b400a145abd575a414108483dd 7482 web optional pelican_3.7.1+dfsg-1_amd64.buildinfo
 01e267d8823ae1c58510b06162ef69a9 19082 oldlibs optional python-pelican_3.7.1+dfsg-1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1TqBWjy3ZZr4guOVju3MG6ofMv8FAlmP76YACgkQju3MG6of
Mv+pyxAA00/0ka1WWSKSCvRpP561Ng9T3Q0+2Dqjnjcjco7XyyCE2pAXdg4J065F
NJbf7hdK7bF5A2buc/Cywr+5YLjd5jVlahTZgyoPkeI5v2gUnQPQ72Ln/tcO1goY
hbqkP49HmX0FL5xl9gBL8x6HMNs6rfyx26WJCFLDaJVPkyW3ciklootbH4e8ZBJO
KNQR0PdMOtgNgtox6oCEGYsf8j++F4eqyxt6lJhaHrQK72jAcPYkWupLns1B+czq
o9mbNIS5R2D2V52+HuWwU9z3WxwibnxY0lLoge0joj2esnJU3O6rVKyQNneffG3y
Ka45JwP0OiAopuQM33KEGs7KdBOpFLOACoOXmovEwCRQsWGHt9wSjL5Kmz2TFag0
KFQh/5X8dmiyYg4ezPYE48py6BHHMKV5nffGvID08WM63XQ5TIanEJceJl7t5CYj
nf+EOoxCGIMuDCLdqM0i6sAVAN4lbDVXEX6Y99b9Hc/nmQKCO54byWiWvFqtZwgl
I9V+qctl33e3Edr3NNLfR4oqqJ2GBZKZtEXDN4ZGTitbPC1bVipG7knjyZaP2U0N
46yO5wiu9VKU64p9n42EnsM3wZl4osXolLkn2mtJhCpfQIN1oGlTO/y479JtVgMv
fDh3lAFQ3M0kEm9DygGo8P582JSlawDitQl8307xsvC/ydxNtiU=
=f4io
-----END PGP SIGNATURE-----