Bug#1068192: debian-policy: extended forbidden network access to contrib and non-free
Hi,
On Tue, Apr 02, 2024 at 06:58:35AM +0200, Aurelien Jarno wrote:
> On 2024-04-02 09:21, Sean Whitton wrote:
> > Hello,
> >
> > On Mon 01 Apr 2024 at 05:29pm +02, Aurelien Jarno wrote:
> >
> > > The debian policy, section 4.9, forbids network access for packages in
> > > the main archive, which implicitly means they are authorized for
> > > packages in contrib and non-free (and non-free-firmware once #1029211 is
> > > fixed).
> > >
> > > This gives constraints on the build daemons infrastructure and also
> > > brings some security concerns. Would it be possible to extend this
> > > restriction to all archives?
> >
> > We need to know if this is going to break existing packages and allow
> > some input from their maintainers. Are you able to prepare a list of
> > the affected packages?
>
> Fair enough. I can work on that, but help would be welcome as my
> resources are limited.
I did a test rebuild of contrib, non-free and non-free-firmware packages
in sid with both stable sbuild schroot and unshare backends and could
not find a difference in build success (i.e. what failed failed in both,
what succeeded succeeded in both).
Kind regards
Philipp Kern
Reply to: