On 24 Dec 2023 20:22, Frank Ch. Eigler wrote:
> > tl;dr: can we add "; style-src 'unsafe-inline' http: https:" to
> > sourceware.org's CSP header ?
> 
> There are a couple of ways in which this can be configured.  For
> example, if you identify a URL location hierarchy where this would
> help, we can add it to the whitelist in sourceware-GENERAL.conf L32.

unfortunately, projects don't seem to be consistent here.  maybe if we
declared a rule like **/manual/** would allow inline csp, we could get
people to harmonize on a common layout (and leave symlinks for the old
paths so we don't break people).

quick survey of some projects ...

binutils: https://sourceware.org/binutils/docs*/**
bzip2:    https://sourceware.org/bzip2/manual/**
cgen:     https://sourceware.org/cgen/docs*/**
gdb:      https://sourceware.org/gdb/current/onlinedocs/**
glibc:    https://sourceware.org/glibc/manual/**
newlib:   https://sourceware.org/newlib/lib*.html
          (although i'm trying to change newlib to a manual/** system)
psim:     https://sourceware.org/psim/manual/** 
sid:      https://sourceware.org/sid/**
sim:      https://sourceware.org/gdb/sim/manual/**
          (i haven't published this yet)
-mike