
Bug#807168: debian-installer-netboot-images: required resources not declared as build-dependencies (fetches via network)



Quoting Didier 'OdyX' Raboud (2015-12-07 12:52:26)
> Control: tags -1 +wontfix
> 
> On Sunday, 6 December 2015, 18.02:48 Jonas Smedegaard wrote:
>> debian-installer-netboot-images source package is less than 6k in 
>> size. Clearly the main part of the resulting binary packages comes 
>> from fetching resources over the network (apparently using wget). 
>> Debian Policy includes the following in §4.2:
>>> If build-time dependencies are specified, it must be possible to 
>>> build the package and produce working binaries on a system with only 
>>> essential and build-essential packages installed and also those 
>>> required to satisfy the build-time relationships (including any 
>>> implied relationships).
>>
>> I can only interpret above as disallowing fetching resources over the 
>> network using wget.
>
> d-i-n-i does (its own) trust-path checking upon download, and it's 
> doing so because there's (currently) no way to have these files local 
> through Build-Depends.
>
> The specificity of the resulting packages is that they are arch-all 
> while containing arch-specific files. Their value comes from the fact 
> that you can install netboot images for all Debian architectures 
> (through arch:all packages) on any Debian architecture, without having 
> to add these archs through multiarch.
>
> So the alternative would be to build these arch:all packages in the 
> debian-installer build-arch target, but that wouldn't pass the 
> incoming processing, as far as I know, as dak currently considers that 
> there will be only one arch:all changes file per source.
>
> Now talkin' crazy; we could also (ab)use byhand processing to produce 
> these packages on the archive side; but using the archive to produce 
> packages isn't really something we want to dive into.

Thanks for clarifying.


> So, the situation is known to not be Policy-compliant, but at least 
> there's trust-path checking. In this specific case, I value the 
> existence of these packages in their current form higher than 
> Policy-compliance, thereby tagging +wontfix. But I'm open to ideas!
>
> What would you propose?

Seems to me the underlying issue is that those parts fetched with wget 
are not provided in any binary package.  Does that sound correct to you?

I have filed bug#807312 about that, and marked it as blocking this one.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
