Source: camo
Maintainer: Zulip Debian Packaging Team <debian@zulip.com>
Uploaders: Luke Faraone <lfaraone@debian.org>
Section: web
Priority: optional
Build-Depends: debhelper-compat (= 13),
               coffeescript,
               rake,
               thin,
               ruby-rest-client,
               ruby-addressable,
               procps
Standards-Version: 4.7.0
Vcs-Browser: https://salsa.debian.org/debian/camo
Vcs-Git: https://salsa.debian.org/debian/camo.git
Homepage: https://github.com/atmos/camo
Rules-Requires-Root: no

Package: camo
Architecture: all
Depends: nodejs,
         ${misc:Depends},
         openssl
Pre-Depends: ${misc:Pre-Depends},
             init-system-helpers
Description: SSL/TLS image proxy to prevent mixed-content warnings
 Camo is an image proxy to prevent mixed content warnings on secure
 pages.
 .
 It should not be installed by an end-user; instead people who operate
 websites that allow user-specified image embeds by URL can run this as
 a daemon to proxy such images through their own servers and serve the
 resulting content over SSL/TLS.
 .
 This provides integrity protection and last-mile confidentiality to
 images, thus preventing a local network attacker from seeing the images
 you request (allowing for possible disclosure of the content you're
 viewing) or changing their content (to misinform, confuse, or shock).
 .
 It of course does not prevent an attacker from modifying the content or
 noticing its access if the attacker is in the path between your
 datacentre and the image source.
 .
 However, even in this case, it provides some security insofar as it
 may prevent the attacker from knowing who is accessing the image.
 .
 Using a shared key, proxy URLs are encrypted with hmac so we can bust
 caches/ban/rate limit if needed.
 .
 Features include:
  * Proxy Google charts
  * Proxy images under 5 MB
  * Follow redirects to a configurable depth
  * Proxy remote images with a content-type of image/*
  * Disallows proxying to private IP ranges