Debian package security policies
Hi,
I am asking myself the following questions and am wondering if there is a
policy covering these aspects:
* Are source packages of free software packages required to only contain
source code without binaries (maybe with the exception of the Linux kernel and
its firmware blobs)?
* Inspired by the following:
https://code.google.com/p/chromium/issues/detail?id=350913, I am asking myself
if Debian source packages are (required to be able to) build offline? Or could
it be that a package pulls in binaries/(source code) as part of the build
process?
Is Debian one of the "distributions having a strict 'build from source'
requirement. Packages are built in a restricted environment and are required
to declare in some way what binaries they need to build. The network is not
available"?
This would be something I would really like to know, since it is of strong
philosophical value for me. I have already read some policies of the Debian
project, but could not specifically find a section covering those aspects.
Considering reproducible builds becoming reality, that aspect is really one
that is important for me.
Thanks very much!