
Re: Network access during build



On Wed, 07 Sep 2016 08:41:19 +0200, Christoph Biedl wrote:

> > One of the packages that I maintain (python-asyncssh) makes a DNS request
> > during build and expects it to fail. Since Policy 4.9 forbids network
> > access (in a rather confusing wording "may not"), I got this serious
> > bug:
> >  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830568
> This was my constant fear since the first day I learned about this
> policy. While I consider the change the right thing, I'm somewhat
> concerned the wording leads to requirements that neither were intended
> nor are necessary to reach the goal that I consider the idea behind
> it: The behaviour of any network activity must not affect the result
> of the build. 

IIRC (I didn't re-read the whole bug log now) the intention in
#770016 was indeed more than "not affect the build result" but
"explicitly forbid any attempt to access the network because leak".

As a result policy 4.9 now says:

     For packages in the main archive, no required targets may attempt
     network access.

which in my understanding makes a DNS lookup for example.org in a
test which fails gracefully and has no relation whatsoever to the
resulting binary package a policy violation and thereby an RC bug.

If this was not the original intention or if the community now comes
to the conclusion that this is maybe a bit over the top (as Russ' and
Vorlon's mails seem to imply, and I share their sentiments), I think
we need to change the wording in policy.


Cheers,
gregor

-- 
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Ben Weaver: Voice In The Wilderness
