1. Forum
  2. Usenet
  3. LINUX.DEBIAN.MAINT.PERL

  • Thoughts on Markdown::Render

    From Andrew Ruthven@21:1/5 to All on Sun Jul 14 10:40:01 2024
    Hey,

    As part of updating request-tracker5 to v5.0.7, a new build dependency is Markdown::Render[0], I'm preparing this currently, but, I wanted to get some thoughts. By default it will use a Github API to render Markdown to HTML. I figure that isn't ideal from a privacy of our users point of view.
    Fortunately the module also supports using Text::Markdown::Discount to do
    the rendering locally.

    It is a trivial patch to change the default to be Text::Markdown::Discount,
    is this the correct thing to do?

    I don't think upstream will accept the patch, as they've deliberately set
    the default to be Github.

    There is nothing to worry about tests reaching out to Github during builds
    as there is no test suite (sigh).

    Cheers,
    Andrew

    [0] https://metacpan.org/pod/Markdown::Render
    --
    Andrew Ruthven, Wellington, New Zealand
    [email protected] |
    Catalyst Cloud: | This space intentionally left blank
    https://catalystcloud.nz |

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From gregor herrmann@21:1/5 to Andrew Ruthven on Sun Jul 14 17:40:01 2024
    On Sun, 14 Jul 2024 20:36:19 +1200, Andrew Ruthven wrote:

    As part of updating request-tracker5 to v5.0.7, a new build dependency is Markdown::Render[0], I'm preparing this currently, but, I wanted to get some thoughts. By default it will use a Github API to render Markdown to HTML. I figure that isn't ideal from a privacy of our users point of view. Fortunately the module also supports using Text::Markdown::Discount to do
    the rendering locally.
    It is a trivial patch to change the default to be Text::Markdown::Discount, is this the correct thing to do?

    Sounds right to me.


    Cheers,
    gregor

    --
    .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
    : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
    `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
    `-

    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmaT8RFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgbFThAAhkSqOygfUWIfkgwYEKPp3sBEsFaxnfrQ7JTtk69nxrUYu/F1N5BiUlAi CLV66iEZuXepBgc5uiby6SwpUjyVVQ9UX6WNGH7YQ2yZGPfAZTP7WdqcWsRW/FGo pQ8n61pS8jn/8HVWsMNDBTD16iK84azSrVAkYkEDKtxQi3xBMdxjYsih7jXzx72g vZoUpN3S880d+NlPujscmvF6/f/e8EyTMDdyPURXoPaXW5pDjEvNJ7t4sFpOfI2G 0o2uXtSsa8+iIciDG4ukB+dPzGTSVqfNjec/uxcqCc37zcllYmusMeDyjFCuwf4k OrL5/aRTVRtsE7shi2MfFMemm4dFPSRpjIgqgl/T+4d8WekVSo1O3NXfmrMNo94X oHwcmAjkhWJA3jK6NA0Tiwpb0nT6NxlWErwu8YE9FOKI7o1uDwBV1LIcQ8Qiz1u8 4Yap5fOAj7mRNnjtanv7gKLeOq0ay91rtFB/PfG+d9jnpSpSgx6Wb4Dd2icxPVwO N9jupKmAD8N0drk+59ajddhcgdZzSbkImBc5EnWWxYIqrPFgd539xmPyJkXrRZeI EXKQLH1dsPoMHn6RvYU7NWIFw8SA7RFoBdqdGSTcGNtB9DupSsgUqkhANKjzELo/ XeDD+lt/uEuhhZnLROKnH4ZxiMFpbOMsNbiYNl9/Y1mJEScIhNo=
    =K220
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrew Ruthven@21:1/5 to gregor herrmann on Tue Jul 16 11:20:02 2024
    On Sun, 2024-07-14 at 17:38 +0200, gregor herrmann wrote:
    On Sun, 14 Jul 2024 20:36:19 +1200, Andrew Ruthven wrote:

    As part of updating request-tracker5 to v5.0.7, a new build dependency
    is
    Markdown::Render[0], I'm preparing this currently, but, I wanted to get some
    thoughts. By default it will use a Github API to render Markdown to
    HTML. I
    figure that isn't ideal from a privacy of our users point of view. Fortunately the module also supports using Text::Markdown::Discount to
    do
    the rendering locally.
    It is a trivial patch to change the default to be
    Text::Markdown::Discount,
    is this the correct thing to do?

    Sounds right to me.

    I figured it would be, so I made the change after I sent my email to the
    list. ;)

    The new package is ready for review here:

    https://salsa.debian.org/perl-team/modules/packages/libmarkdown-render-perl

    --
    Andrew Ruthven, Wellington, New Zealand
    [email protected] |
    Catalyst Cloud: | This space intentionally left blank
    https://catalystcloud.nz |

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From gregor herrmann@21:1/5 to Andrew Ruthven on Tue Jul 16 20:40:01 2024
    On Tue, 16 Jul 2024 21:16:53 +1200, Andrew Ruthven wrote:

    It is a trivial patch to change the default to be Text::Markdown::Discount,
    is this the correct thing to do?
    Sounds right to me.
    I figured it would be, so I made the change after I sent my email to the list. ;)

    Heh :)

    The new package is ready for review here: https://salsa.debian.org/perl-team/modules/packages/libmarkdown-render-perl

    * Out of curiosity: Why the opts="pgpmode=none" in d/watch?
    * Remark/question: we have no copyright holder anywhere. As a
    workaround, we typically copy the "Berne Convention" comment from
    https://perl-team.pages.debian.net/copyright.html#Berne_Convention
    into debian/copyright (done). But the question remains who the
    author(s) actually is/are? You picked 'Rob Lauer
    <[email protected]>' which looks right from looking at
    lib/Markdown/Render.pm and ChangeLog and the git log but
    Makefile.PL has
    AUTHOR => 'BIGFOOT <[email protected]>'
    Might be an oversight / copypaste error but things like this raise
    ftp-masters' eyebrows :)
    So maybe either ask upstream for clarification (and put this in
    d/copyright), or extend the Comment I've added with a sentence
    explaining the situation.
    * Some cosmetic fixes committed and pushed.

    Oh, dear, this needs libio-stringy-perl (>= 2.113) which I've already
    deleted :)

    Alright, after that: Everything else looks fine to me.


    Cheers,
    gregor

    --
    .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
    : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
    `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
    `-

    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmaWvJxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgZWEg//TiWu3A7G/SqnLELJEGE17L9UUg26ZV4ucvMlX178tnJ93ZqmWSrVoYkk UYFaQmYQrF9Q0MQTrDKSVN1cTHIED/aepiw75O3wnMmFlGJa8MAPkFRsboBPUmDM VtGrbnXokKtx3JdhW1nuui4UUDCQiVRLoVHLVuIFN5cDIZkzVmXkbwojsLG1E118 WapH3EkwW2VqMpyJySM4XQwUB2bABF4b3wIZxUoq7XGZgHFyCBcALnAYQgGTSCtQ emX8J3rWm87/5dODjX0030e6r8zckaIb/PdZ6t+/97oVB3y8R+4BmzVAjW7a7Jxb Tq1cI46JTAQBij2MpNpbq2qVb7LOm58/Fwm2GSqVpHbQE+Y/XppyvFW4X8gOXHam eAoI+H6iY1KlJ4hvVtolKidZ3GHo5/Ba5L0i2H3NN8CPALq6r71h55C0dRLrlLLh PEJRTIvqVg5fXscyaSf56UHz3Biwi14ooFyArIEwLwCWd20l+e+1qTAMrLgUg27U KIqA5hkCTBsSfIPvB4H97I3EPVmBaPq5epK0iPIeJ8O4u7tRFp9mXikG5sX1+Bi0 ERkXgSu82Q/itnZZQdpsslyjiOlk4n+U8wOnPQPjrrLmzrfN7MH8t0daNFYEb3pr 6HBooEChWdf9jAzwFBvUoVkx1ZV8VilbfSrpEY0+AXGsOglHF8o=
    =fv6y
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrew Ruthven@21:1/5 to gregor herrmann on Wed Jul 17 00:10:01 2024
    On Tue, 2024-07-16 at 20:31 +0200, gregor herrmann wrote:
    On Tue, 16 Jul 2024 21:16:53 +1200, Andrew Ruthven wrote:
    The new package is ready for review here: https://salsa.debian.org/perl-team/modules/packages/libmarkdown-render- perl

    * Out of curiosity: Why the opts="pgpmode=none" in d/watch?

    I wanted to stop uscan from complaining about no GPG sigs, and as a first attempt to make lintian happy. But I see that even in verbose mode uscan
    isn't trying to fetch the GPG sig file. I have removed it.

    * Remark/question: we have no copyright holder anywhere. As a
      workaround, we typically copy the "Berne Convention" comment from
      https://perl-team.pages.debian.net/copyright.html#Berne_Convention
      into debian/copyright (done). But the question remains who the
      author(s) actually is/are? You picked 'Rob Lauer
      <[email protected]>' which looks right from looking at
      lib/Markdown/Render.pm and ChangeLog and the git log but
      Makefile.PL has
      AUTHOR           => 'BIGFOOT <[email protected]>'
      Might be an oversight / copypaste error but things like this raise
      ftp-masters' eyebrows :)
      So maybe either ask upstream for clarification (and put this in
      d/copyright), or extend the Comment I've added with a sentence
      explaining the situation.

    Yeah, good question. I couldn't find a copyright statement in the code
    either. BIGFOOT is Rob Lauer's CPAN username - https://metacpan.org/author/BIGFOOT . I figured it would be better to use
    his personal address as included in the docs than his CPAN email address.
    Given this relationship, I don't think there is confusion on who the
    copyright holder is - just inconsistency in the package.

    I have added this to the comment that you've added (thank you for that).

    * Some cosmetic fixes committed and pushed.

    Ta.

    Oh, dear, this needs libio-stringy-perl (>= 2.113) which I've already
    deleted :)

    Haha, yes, this is why I was looking at libio-string-perl.

    Alright, after that: Everything else looks fine to me.

    Excellent.

    --
    Andrew Ruthven, Wellington, New Zealand
    [email protected] |
    Catalyst Cloud: | This space intentionally left blank
    https://catalystcloud.nz |

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From gregor herrmann@21:1/5 to Andrew Ruthven on Wed Jul 17 21:30:01 2024
    On Wed, 17 Jul 2024 10:00:16 +1200, Andrew Ruthven wrote:

    * Out of curiosity: Why the opts="pgpmode=none" in d/watch?
    I wanted to stop uscan from complaining about no GPG sigs, and as a first attempt to make lintian happy.

    Oh, I see.
    Typically we ignore this hint from lintian (but of course your
    override is fine a well).

    * Remark/question: we have no copyright holder anywhere. As a
    � workaround, we typically copy the "Berne Convention" comment from
    https://perl-team.pages.debian.net/copyright.html#Berne_Convention
    � into debian/copyright (done). But the question remains who the
    � author(s) actually is/are? You picked 'Rob Lauer
    � <[email protected]>' which looks right from looking at
    � lib/Markdown/Render.pm and ChangeLog and the git log but
    � Makefile.PL has
    � AUTHOR���������� => 'BIGFOOT <[email protected]>'
    � Might be an oversight / copypaste error but things like this raise
    � ftp-masters' eyebrows :)
    � So maybe either ask upstream for clarification (and put this in
    � d/copyright), or extend the Comment I've added with a sentence
    � explaining the situation.
    Yeah, good question. I couldn't find a copyright statement in the code either. BIGFOOT is Rob Lauer's CPAN username - https://metacpan.org/author/BIGFOOT .

    Ha, I missed that important detail.


    So I guess the package is ready :)


    Cheers,
    gregor

    --
    .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
    : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
    `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
    `-

    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmaYGlZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgbpDxAAoLtU9LByYwNTIuXtubvJnGGXlW16mrFCjHQ/oi0q11a2ZOeX64V6cfzf 6fw6b2dNJrYGqDk4FcMhVKpUk82nQ4N1gRt4fTt+zJCwzcikxj/k1XretEBlzG9o U+DDMdbTFbNI/XJ0mWheqIw4/zM3bqQhVjcP7fDeP+vxrKhHqn99bv25aI5V3Zuk /HKhz7fq9cuQ0P/Qwugv7+/aJAIgITGOkKGzIQ2CC+7xFZDFS4HjPuRUPLzf1pfz u/6VjMrJ9+OYPyEkYqRktPrKoJqwwRMrGqYFInMeqjPBrUW04nubAljt59TbMYt9 4DrDFgUi6GaLiY12JMpSI6lhbfNfAsD5whlAGFby/w0i+UxBwWZz3JqpIQ4vLESS UXrbySwck/gfPtdkAYWjDS3K8IPERuYHKho3NzLVhjKjT+ObWWiQVYUV1S/Ny64r +2Sm5c4tsqxwRUBZMJO0Rm8aop6UzPad2tS+gj1sEozxCHnYXhAIIuWQhWvos+nQ
    tHt2+6RR