From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jean Louis Subject: bug#22972: insecure content on: https://gnu.org/software/guix/packages/ Date: Fri, 25 Mar 2016 10:43:56 +0100 Message-ID: <20160325094356.GK5051@protected.rcdrun.com> References: <20160310001030.GA24372@protected.rcdrun.com> <87zitnt108.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:39515) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ajOJt-0000nV-JN for bug-guix@gnu.org; Fri, 25 Mar 2016 05:46:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ajOJe-0002R9-SY for bug-guix@gnu.org; Fri, 25 Mar 2016 05:46:17 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:39740) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ajOJe-0002R3-Jl for bug-guix@gnu.org; Fri, 25 Mar 2016 05:46:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ajOJe-0003Ea-DP for bug-guix@gnu.org; Fri, 25 Mar 2016 05:46:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <87zitnt108.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: Jean Louis , 22972@debbugs.gnu.org Hello, The content is insecure as shown by Icecat. That happens because either scripts are included (did not check it) which are with http:// or images (I did check it). When website wants to provide secure and non-secure version, in that case, one shall check all links to scripts and images, that they can be accessed by secure browsing, and then instead of writing http://, one can simply write // like Small remark to the page with packages: it is in few lines, which makes editing, even with Emacs harder. There shall be new lines or indenting after > or after each package. Otherwise it makes editing the HTML very hard (I know there is source, but looking inside of HTML is difficult). The package descriptions shall not be opened by Javascript but on the long run, each package shall get its own page, and of course there shall be search engine, just like with Debian. This all becomes totally easy with guix being Guile module, and exciting. Louis On Fri, Mar 25, 2016 at 09:28:23AM +0100, Ludovic Courtès wrote: > Jean Louis skribis: > > > The icecat is reporting insecure content on: > > https://gnu.org/software/guix/packages/ > > > > and it shall be corrected, as package "Expand" is not visible. > > I believe this is no longer the case, or at least IceCat 38.6.0-gnu1 > does not show any such problem here. > > Could you confirm? > > Thanks, > Ludo’.