openstack-manuals

The openstack-manuals contains minified javascript

Bug #1501641 reported by Thomas Goirand on 2015-10-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openstack-manuals	Fix Released	High	Ryan Selden

Bug Description

Hi there!

These files should be removed from the openstack-manual repository:

# find . -iname '*.min*'
./www/static/common/js/bootstrap.min.js
./www/static/common/js/bootstrap-hover-dropdown.min.js
./www/static/common/css/font-awesome.min.css
./www/static/common/css/bootstrap.min.css

Indeed, these are considered already compiled binaries, and are not acceptable by downstream distribution. It is also a very bad practice with potential security issues:

https://zyan.scripts.mit.edu/blog/backdooring-js/

Here, we don't even know what compressor was used. What should be done, if we really want to use minified javascript, is to minify them at build time. I would also strongly advise to not embed things which are already available from XStatic packages.

Tags:

Tom Fifield (fifieldt) on 2015-10-01

tags:

added: doc-builds openstackdocstheme

Revision history for this message

Anne Gentle (annegentle) wrote on 2015-10-28:

Is this a duplicate bug?

Richard (csravelar) on 2015-10-28

Changed in openstack-manuals:
assignee:	nobody → Richard (csravelar)

Richard (csravelar) on 2015-10-30

Changed in openstack-manuals:
status:	New → Confirmed

Richard (csravelar) on 2015-10-30

Changed in openstack-manuals:
status:	Confirmed → New
assignee:	Richard (csravelar) → nobody

Amulya Battu (battu-amulya) on 2015-10-31

Changed in openstack-manuals:
assignee:	nobody → Amulya Battu (battu-amulya)
status:	New → In Progress

Revision history for this message

Amulya Battu (battu-amulya) wrote on 2015-11-01:

Fix is created at https://review.openstack.org/240723

Revision history for this message

Andreas Jaeger (jaegerandi) wrote on 2015-11-02:

Note that we can only remove them if there are either completely unused or there is an alternate way of publishing the javascript. Just removing these files is *not* enough.

Amulya Battu (battu-amulya) on 2015-11-04

Changed in openstack-manuals:
assignee:	Amulya Battu (battu-amulya) → nobody
status:	In Progress → New

Revision history for this message

Alexandra Settle (alexandra-settle) wrote on 2015-11-05:

Is someone able to verify whether or not these files are completely unused and don't affect other files as Andreas said?
Marking as incomplete until we're able to confirm.
Thanks.

Changed in openstack-manuals:
status:	New → Incomplete
importance:	Undecided → Low

Revision history for this message

Thomas Goirand (thomas-goirand) wrote on 2015-11-06:

Hi Alexandra,

A simple grep shows that the files are indeed in use. Also, please don't set this to a low priority, as this blocks my upload to Debian (and I would like to upload to Debian some of the guides from openstack-manuals).

Changed in openstack-manuals:
importance:	Low → High
status:	Incomplete → Confirmed

Ryan Selden (ryanx-seldon) on 2016-06-16

Changed in openstack-manuals:
assignee:	nobody → Ryan Selden (ryanx-seldon)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-16: Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/330731

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-30: Fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/330731
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=2187b83bef2ca142715e218d02f138cff2fc9042
Submitter: Jenkins
Branch: master

commit 2187b83bef2ca142715e218d02f138cff2fc9042
Author: Ryan Selden <email address hidden>
Date: Thu Jun 16 17:30:59 2016 +0000

Removed minimized files

    Font-awesome and bootstrap files were included minimized
    Removed font-awesome which was only used from the CDN
    Replaced bootstrap minimized files with regular ones
    Updated references to bootstrap files

Change-Id: I6bb74549b762e7502a8e1966fc4b6b53fe54c163
Closes-bug: #1501641

Changed in openstack-manuals:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-03:

Reviewed: https://review.openstack.org/347761
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=592916d33e64cca469b29812bfb4cc06549bf0b7
Submitter: Jenkins
Branch: master

commit 592916d33e64cca469b29812bfb4cc06549bf0b7
Author: Thomas Goirand <email address hidden>
Date: Wed Jul 27 13:07:21 2016 +0200

Replace minified jquery by source version

    The file www/static/common/js/jquery-1.11.0.js is a source-less
    non-free blob, which wouldn't fit in downstream distributions.
    This patch replaces it by jquery-1.11.3.js in a non-minified
    way.

Partial-Bug: 1501641
Change-Id: Ia7088601423f1fad0681bef4521ba4c114101d3a

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-24: Fix included in openstack/openstack-manuals 15.0.0

This issue was fixed in the openstack/openstack-manuals 15.0.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.