Re: Network access during build
Hi!
On Wed, 2016-09-07 at 08:41:19 +0200, Christoph Biedl wrote:
> Vincent Bernat wrote...
>
> > One of the package that I maintain (python-asyncssh) makes a DNS request
> > during build and expects it to fail. Since Policy 4.9 forbids network
> > access (in a rather confusing wording "may not"), I got this serious
> > bug:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830568
>
> This was my constant fear since the first day I learned about this
> policy. While I consider the change the right thing, I'm somewhat
> concerned the wording leads to requirements that neither were intended
> nor are necessary to reach the goal that I consider the idea behind
> it: The behaviour of any network activity must not affect the result
> of the build. Where behaviour includes unavailability, and completely
> unexpected behaviour like providing bogus data for any kind of
> request. The easiest way to enforce this is to disallow network
> traffic at all.
>
> Now the funny question: Does traffic on the loopback interface count
> as network access? A daemon started during build to run tests is
> certainly okay. What about traffic to other daemons, most prominentely
> named? Running "hostname --fqdn" unless this is handled by /etc/hosts
> already? Also, I remember a certain package (name withheld) did a
> *lot* of DNS traffic in the test suite, so far nobody has shown
> concerns about this.
https://bugs.debian.org/813471
Thanks,
Guillem
Reply to: