
Debian package security policies



Hi,

I am asking myself the following questions and am wondering if there is a 
policy covering the aspects:

* Are source packages of free software packages required to only contain
source code without binaries (maybe with the exception of the Linux kernel and
its firmware blobs)?
* Inspired by the following:
https://code.google.com/p/chromium/issues/detail?id=350913, I am asking myself
if Debian source packages are (required to be able to) build offline? Or could
it be that a package pulls in binaries/(source code) as part of the build
process?
Is Debian one of the "distributions having a strict 'build from source'
requirement. Packages are built in a restricted environment and are required
to declare in some way what binaries they need to build. The network is not
available"?

This would be something I would really like to know, since it is of strong 
philosophical value for me. I have already read some policies of the Debian
project, but could not specifically find a section covering those aspects.
Considering reproducible builds becoming reality, that aspect is really one 
that is important for me.

Thanks very much!

