On Mon, Feb 17, 2014 at 09:36:12AM +0800, Paul Wise wrote: > On Sun, 2014-02-16 at 15:19 +0400, Sergey Kirpichev wrote: > > > I hope, that's fixed in: > > http://anonscm.debian.org/gitweb/?p=collab-maint/awstats.git;a=commit;h=9c8f27ceb7f9490387a32b9fb2f45b21f69f853d > > It doesn't have any privacy issues, but: > > It is utterly pointless to include a 1x1 tracking gif in a source > package. The whole point of 1x1 GIFs is privacy violation
Yeah, probably it's so. Removed. Package on m.d.n was updated. I was under impression what this is to workaround some formatting issues with some ancient browsers. > Not sure if it makes sense to have <input type="image"> without the > image in it. Please replace that with type="submit" and drop the border. > > > Could you kindly provide a more detailed *technical* > > suggestion in this case (facebook patch)? > > This has PHP code for computing the URL but it should be easy to replace > that part with a link to the page @ http://awstats.sourceforge.net/docs/ > > https://stackoverflow.com/questions/10988815/facebook-twitter-and-google-1-buttons-using-only-html-no-javascript I don't sure if that does exactly what removed js is supposed to do. https://developers.facebook.com/docs/plugins/like-button asks to login, so I'll wait for a while, until this will not change... btw, I doubt that this whole idea is working for urls like file:///usr/share/doc/... > > It's not reasonable to believe, that every maintainer would read all > > provided in the package *.html files in a regular way to find and fix > > such problems. Without automation - it's just a waste of time. > > I didn't mention detection at all. If not all - that's mostly useless. > My objection was that your message > implied you wouldn't fix these issues I detected and informed you about > until lintian was fixed to detect the issues I detected manually. > Sorry if I wasn't clear enough about that. No, that was very clear. > I see that index.html has a privacy violation in the form of a Google > SiteSearch JavaScript. Lintian doesn't detect it, filing a bug about it. But it's removed in the last patch, isn't? > BTW, it might be appropriate to forward your patches upstream too since > having them online is also a privacy violation because browsers load > JavaScript and images by default. I will try to do this. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
