[xiphos-devel] failed github auto-build

Daniel Maxson vagus.eques at gmail.com
Sun Jan 23 08:54:46 EST 2022

Hey! Long-time lurker, first-time reply-er. It looks like this is in some
way related to PyYAML deprecating directly calling load() without a Loader
because of security concerns (although that was back in 2020 so I'm
surprised this is only coming up now):

My proposal would be that rather than curling this build script, a build
script be brought into the Xiphos project (which for consistency/ease could
mean simply copying the currently curled script, which is fair game since
both mate-desktop from which this script is taken and Xiphos are licensed
under GPLv2) which calls yaml.load with a specific loader. FullLoader is
the default recommended by PyYAML in the documentation I linked.

Unless (a) someone thinks this is undesirable or (b) wants to do this, I
wouldn't mind taking a stab at updating the broken PR (though I'd be
surprised if this doesn't come up in other places since I don't see a
direct correlation between #1103's changes and this). I would plan to test
against Ubuntu in WSL which should be good enough to cover what needs
covering to make sure this builds for non-Windows systems.

On Sun, Jan 23, 2022 at 12:51 PM Karl Kleinpaste <karl at kleinpaste.org>

> Someone offered a simple pull request for a dependency glitch.
> Failed for everything but Windows builds.
> Something docker-related, not part of Xiphos source.
> $ pwd
> /home/karl/src/bible/xiphos
> $ find -name dock*
> $ grep -i load .ci-build.yml
>         curl -Ls -o gtkhtml-4.10.0.tar.xz
> https://download.gnome.org/sources/gtkhtml/4.10/gtkhtml-4.10.0.tar.xz
> $
> Would anyone care to look?
> https://github.com/crosswire/xiphos/pull/1103
> _______________________________________________
> xiphos-devel mailing list
> xiphos-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/xiphos-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/xiphos-devel/attachments/20220123/1faab3e7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rYY3neKrZ7yQ8SpX.png
Type: image/png
Size: 49995 bytes
Desc: not available
URL: <http://crosswire.org/pipermail/xiphos-devel/attachments/20220123/1faab3e7/attachment-0001.png>

More information about the xiphos-devel mailing list