* bug#22972: insecure content on: https://gnu.org/software/guix/packages/ @ 2016-03-10 0:10 Jean Louis 2016-03-25 8:28 ` Ludovic Courtès 2018-02-05 21:46 ` Andreas Enge 0 siblings, 2 replies; 5+ messages in thread From: Jean Louis @ 2016-03-10 0:10 UTC (permalink / raw) To: 22972 The icecat is reporting insecure content on: https://gnu.org/software/guix/packages/ and it shall be corrected, as package "Expand" is not visible. Jean Louis ^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#22972: insecure content on: https://gnu.org/software/guix/packages/ 2016-03-10 0:10 bug#22972: insecure content on: https://gnu.org/software/guix/packages/ Jean Louis @ 2016-03-25 8:28 ` Ludovic Courtès 2016-03-25 9:43 ` Jean Louis 2018-02-05 21:46 ` Andreas Enge 1 sibling, 1 reply; 5+ messages in thread From: Ludovic Courtès @ 2016-03-25 8:28 UTC (permalink / raw) To: Jean Louis; +Cc: 22972 Jean Louis <guix@rcdrun.com> skribis: > The icecat is reporting insecure content on: > https://gnu.org/software/guix/packages/ > > and it shall be corrected, as package "Expand" is not visible. I believe this is no longer the case, or at least IceCat 38.6.0-gnu1 does not show any such problem here. Could you confirm? Thanks, Ludo’. ^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#22972: insecure content on: https://gnu.org/software/guix/packages/ 2016-03-25 8:28 ` Ludovic Courtès @ 2016-03-25 9:43 ` Jean Louis 2016-03-25 12:35 ` Ludovic Courtès 0 siblings, 1 reply; 5+ messages in thread From: Jean Louis @ 2016-03-25 9:43 UTC (permalink / raw) To: Ludovic Courtès; +Cc: Jean Louis, 22972 Hello, The content is insecure as shown by Icecat. That happens because either scripts are included (did not check it) which are with http:// or images (I did check it). When website wants to provide secure and non-secure version, in that case, one shall check all links to scripts and images, that they can be accessed by secure browsing, and then instead of writing http://, one can simply write // like <img src="//www.gnu.org/some-image.jpg"> Small remark to the page with packages: it is in few lines, which makes editing, even with Emacs harder. There shall be new lines or indenting after > or after each package. Otherwise it makes editing the HTML very hard (I know there is source, but looking inside of HTML is difficult). The package descriptions shall not be opened by Javascript but on the long run, each package shall get its own page, and of course there shall be search engine, just like with Debian. This all becomes totally easy with guix being Guile module, and exciting. Louis On Fri, Mar 25, 2016 at 09:28:23AM +0100, Ludovic Courtès wrote: > Jean Louis <guix@rcdrun.com> skribis: > > > The icecat is reporting insecure content on: > > https://gnu.org/software/guix/packages/ > > > > and it shall be corrected, as package "Expand" is not visible. > > I believe this is no longer the case, or at least IceCat 38.6.0-gnu1 > does not show any such problem here. > > Could you confirm? > > Thanks, > Ludo’. ^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#22972: insecure content on: https://gnu.org/software/guix/packages/ 2016-03-25 9:43 ` Jean Louis @ 2016-03-25 12:35 ` Ludovic Courtès 0 siblings, 0 replies; 5+ messages in thread From: Ludovic Courtès @ 2016-03-25 12:35 UTC (permalink / raw) To: Jean Louis; +Cc: 22972 Jean Louis <guix@rcdrun.com> skribis: > The content is insecure as shown by Icecat. IceCat doesn’t “show” me this. What are you referring to? > That happens because either scripts are included (did not check it) > which are with http:// or images (I did check it). Right, project logos come from different places, and not necessarily https. I understand that this can be a problem. However, at least for now, we don’t copy those logos to www.gnu.org, so it seems there’s not much we can do. > Small remark to the page with packages: it is in few lines, > which makes editing, even with Emacs harder. There shall be new lines or > indenting after > or after each package. Otherwise it makes editing the > HTML very hard (I know there is source, but looking inside of HTML is > difficult). As you write, this is not meant to be edited, so… :-) > The package descriptions shall not be opened by Javascript but on the > long run, each package shall get its own page, and of course there shall > be search engine, just like with Debian. This all becomes totally easy > with guix being Guile module, and exciting. Yes, definitely. Dave’s guix-web¹ does that and more. I think we should consider running it with actions disabled (i.e., no installing/removing/upgrading), probably behind nginx to cache things a bit. Any takers? Thanks, Ludo’. ¹ https://git.dthompson.us/guix-web.git ^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#22972: insecure content on: https://gnu.org/software/guix/packages/ 2016-03-10 0:10 bug#22972: insecure content on: https://gnu.org/software/guix/packages/ Jean Louis 2016-03-25 8:28 ` Ludovic Courtès @ 2018-02-05 21:46 ` Andreas Enge 1 sibling, 0 replies; 5+ messages in thread From: Andreas Enge @ 2018-02-05 21:46 UTC (permalink / raw) To: 22972-done The new page does not contain any logos, and Icecat does not show any problem. Closing this bug. Andreas ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-02-05 21:48 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-03-10 0:10 bug#22972: insecure content on: https://gnu.org/software/guix/packages/ Jean Louis 2016-03-25 8:28 ` Ludovic Courtès 2016-03-25 9:43 ` Jean Louis 2016-03-25 12:35 ` Ludovic Courtès 2018-02-05 21:46 ` Andreas Enge
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).