bug#22972: insecure content on: https://gnu.org/software/guix/packages/

[ludo@gnu.org (Ludovic Courtès)]

Jean Louis <guix@rcdrun.com> skribis:

> The content is insecure as shown by Icecat.

IceCat doesn’t “show” me this.  What are you referring to?

> That happens because either scripts are included (did not check it)
> which are with http:// or images (I did check it).

Right, project logos come from different places, and not necessarily
https.  I understand that this can be a problem.  However, at least for
now, we don’t copy those logos to www.gnu.org, so it seems there’s not
much we can do.

> Small remark to the page with packages: it is in few lines,
> which makes editing, even with Emacs harder. There shall be new lines or
> indenting after > or after each package. Otherwise it makes editing the
> HTML very hard (I know there is source, but looking inside of HTML is
> difficult).

As you write, this is not meant to be edited, so…  :-)

> The package descriptions shall not be opened by Javascript but on the
> long run, each package shall get its own page, and of course there shall
> be search engine, just like with Debian. This all becomes totally easy
> with guix being Guile module, and exciting.

Yes, definitely.  Dave’s guix-web¹ does that and more.  I think we
should consider running it with actions disabled (i.e., no
installing/removing/upgrading), probably behind nginx to cache things a
bit.

Any takers?

Thanks,
Ludo’.

¹ https://git.dthompson.us/guix-web.git