Bug#974094: openpgpkey.debian.org: CORS header Access-Control-Allow-Origin missing

n’ missing). A direct request to the URL above succeeds. The keys served from under /.well-known/openpgpgkey/ are public information, afaict there are no risks to serving a "Access-Control-Allow-Origin: *" header in response to all GET requests to that path prefix. Thank you, -- Dmitry Borodaenko

Bug#169591: www.debian.org: qa.d.o/developer.php downloads script source

security threat (script source exposure is dangerous, but this partucular script doesn't handle user auth), but it definitely makes the script unusable. -- Dmitry Borodaenko