[openstack-dev] [horizon] Concern about XStatic-bootswatch imports from fonts.googleapis.com
Matthias Runge
mrunge at redhat.com
Thu Sep 3 19:02:32 UTC 2015
On 03/09/15 13:24, Thomas Goirand wrote:
> Hi,
>
> When doing:
> grep -r fonts.googleapis.com *
>
> there's 56 lines of this kind of result:
> xstatic/pkg/bootswatch/data/cyborg/bootstrap.css:@import
> url("https://fonts.googleapis.com/css?family=Roboto:400,700");
>
> This is wrong because:
>
> 1/ This is a privacy breach, and one may not agree on hitting any web
> server which he doesn't control. It's a problem in itself for packaging
> in Debian, which is currently stopping me from uploading.
>
> 2/ More importantly (and even if you don't care about this kind of
> privacy breach), this requires Internet access, which isn't at all
> granted in some installations.
>
> So I wonder if using bootswatch, which includes such a problem, is
> really a good idea. Are these fonts import completely mandatory? Or can
> I patch them out? Will the result be ugly if I patch it out?
>
Thomas,
You're right! I'd assume, this happened by accident. Nevertheless it
should be solved.
My simple POV is: solve it upstream or do not use bootswatch rather than
patch something out, which will lead to unexpected results for users and
will lead to complaints about stupid packagers (or else).
Matthias
More information about the OpenStack-dev
mailing list