Hi Wouter, On 2020-12-03 11:43, Wouter Verhelst wrote: > On Mon, Nov 30, 2020 at 01:00:46PM +0200, Andrius Merkys wrote: >> On 2020-11-29 18:59, Wouter Verhelst wrote: >>> This bug is still present. Additionally, the URL for the OpenAPI JSON >>> scheme now returns a 404 error, which means that any software using >>> OpenAPI on Debian with this bug present will fail to function correctly.> >>> Please fix this bug before the release of bullseye. >> >> While I agree that this is an important issue, I do not think severity >> "serious" is appropriate here. It is true that the upstream provides >> caching mechanism, but any URL may become offline, and a general >> approach to prevent failures in such cases is to use Debian-packaged >> files. > > ... which is exactly what this bug report is talking about, so I don't > understand?
I wasn't over yet at that point. >> With OpenAPI schemas provided in openapi-specification binary >> package, this is as simple as replacing OpenAPI URLs with >> /usr/share/openapi-specification/schemas/$VERSION/schema.json in the >> using code. Here I was. What I wanted to say is that having full paths is more general and more stable than relying on some ad-hoc caching solution. > Unfortunately, that doesn't work very if the code in question is also > packaged (because upgrades would blow those changes away, yada yada). True, but patches, if few and small, are not that expensive to maintain. >> By the way, could you please provide OpenAPI URL that returns 404 now? > > That would be https://spec.openapis.org/oas/3.0/schema/2019-04-02 I asked upstream and got the reply that schema URLs are not supposed to be stable, or resolvable at all [1]. Knowing this, now I understand the importance of caching and of this issue. The caching hash function seems to be simple md5sum. I will fix this ASAP. [1] https://github.com/OAI/OpenAPI-Specification/issues/2420 Best, Andrius
