Re: Network access during build
On 09/07/2016 07:17 AM, Vincent Bernat wrote:
> Hey!
>
> One of the package that I maintain (python-asyncssh) makes a DNS request
> during build and expects it to fail. Since Policy 4.9 forbids network
> access (in a rather confusing wording "may not"), I got this serious
> bug:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830568
>
> The fix is easy: just disable the test.
>
> However, I have a hard time to find this useful for anyone. To sum up:
>
> - patching the test suite requires maintaining the patch forever
> - both pbuilder and sbuild are using an isolated network namespace
> - package builds reproducibly with or without network access
>
> I have the impression that enforcing every word of the policy in the
> hard sense can bring endless serious bugs. This particular occurrence
> affected about 70 packages. I appear as a bad maintainer because I don't
> feel this is an important bug.
>
> Any thoughts?
I've seen Lamby opening the same type of bugs on my package.
While I do agree that a package *must* be able to build without Internet
access (for example, the test suite should never mandate access to a
working DNS, or a query to a google search, both of which are real world
cases...), I'm not sure about the severity: serious.
I don't think it is a so big issue if a package is doing some network
operation, but doesn't fail building if there's no Internet
connectivity. The only problem (as Christian mentioned) would be a
privacy concern in some cases. In such a case, the severity would be
"important", but not "serious" (ie: probably not serious enough to be an
RC bug), and it'd be nice if the subject of the bug was reflecting the
privacy concern rather than the "no network during build" policy thing
(though I can imagine it'd be harder to file the bug).
Any thoughts on the severity anyone?
Cheers,
Thomas Goirand (zigo)
Reply to: