On Fri, Sep 09, 2016 at 03:57:42PM +0200, Adam Borowski wrote:

> > "For packages in the main archive, no build step may attempt network
> > access in a way that:
> > - leaks sensitive data
> > - changes the build result or the operations performed to produce it"
>
> As there's no way to distinguish such details automatically, and as
> data/privacy leaks can be quite surprising, I'd strongly prefer the nice,
> simple rule of "no attempt to access outside network, period".
>
> If _some_ network accesses are allowed, we can't easily spot the bad ones.
> With the current wording of the policy, iptables ... -j LOG is all you need
> for a QA check.

I fully agree with this. But should this perhaps also be enforced in our
build tools? Ie, have dpkg-buildpackage set up an empty namespace before
executing debian/rules? AFAIK, at the moment it's only the buildds that
block network access. A malicious upstream could have a build process that
only does network access when it detects that it is not running on a buildd
or that network access is not somehow blocked.

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@debian.org>
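The QA check mentioned in the quoted text, sketched as an added example that is not part of the original thread or of any Debian tool: it scans kernel log lines written by an iptables LOG rule and reports every packet a build tried to send anywhere other than loopback. The log prefix `BUILD-NET: `, the function names and the sample log lines are assumptions constructed for this illustration.

```python
import ipaddress
import re

LOG_PREFIX = "BUILD-NET: "          # assumed value given to the LOG rule's --log-prefix
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags (DF, SYN) are skipped

# Constructed sample kernel log lines (documentation address ranges only).
SAMPLE_LOG = """\
Sep  9 15:58:01 sbuild kernel: [  812.101] BUILD-NET: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TTL=64 ID=4121 DF PROTO=TCP SPT=40112 DPT=8080 SYN URGP=0
Sep  9 15:58:03 sbuild kernel: [  814.550] BUILD-NET: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=71 TTL=64 ID=5530 PROTO=UDP SPT=53311 DPT=53 LEN=51
Sep  9 15:58:03 sbuild kernel: [  814.902] EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Sep  9 15:58:04 sbuild kernel: [  815.007] BUILD-NET: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 ID=5531 DF PROTO=TCP SPT=51234 DPT=443 SYN URGP=0
Sep  9 15:58:09 sbuild kernel: [  820.333] BUILD-NET: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=84 TTL=64 ID=5532 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
"""

def parse_line(line):
    """Return the packet fields of a line carrying our prefix, else None."""
    _, found, rest = line.partition(LOG_PREFIX)
    return dict(FIELD.findall(rest)) if found else None

def is_loopback(pkt):
    """True when the packet left via lo or targets a loopback address."""
    if pkt.get("OUT") == "lo":
        return True
    try:
        return ipaddress.ip_address(pkt["DST"]).is_loopback
    except ValueError:
        return False  # unparsable destination: report it rather than hide it

def outside_attempts(log_text):
    """List (protocol, destination, port) for each non-loopback packet logged."""
    attempts = []
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None or "DST" not in pkt or is_loopback(pkt):
            continue
        attempts.append((pkt.get("PROTO", "?"), pkt["DST"], pkt.get("DPT", "-")))
    return attempts

def qa_passes(log_text):
    """The simple rule: any attempt to reach the outside network fails the check."""
    return not outside_attempts(log_text)

if __name__ == "__main__":
    for proto, dst, dport in outside_attempts(SAMPLE_LOG):
        print(f"build attempted network access: {proto} -> {dst} port {dport}")
    print("QA check:", "pass" if qa_passes(SAMPLE_LOG) else "FAIL")
```

A check of this kind only sees what the build attempted on the machine where the rule was active, which is the limitation the reply above raises about builds that behave differently off the buildds.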