On Fri, Sep 09, 2016 at 03:57:42PM +0200, Adam Borowski wrote:
> > "For packages in the main archive, no build step may attempt network
> > access in a way that:
> > - leaks sensitive data
> > - changes the build result or the operations performed to produce it"
>
> As there's no way to distinguish such details automatically, and as
> data/privacy leaks can be quite surprising, I'd strongly prefer the nice,
> simple rule of "no attempt to access outside network, period".
>
> If _some_ network accesses are allowed, we can't easily spot the bad ones.
> With the current wording of the policy, iptables ... -j LOG is all you need
> for a QA check.
I fully agree with this.
But should this perhaps also be enforced in our build tools? I.e., have
dpkg-buildpackage set up an empty namespace before executing
debian/rules? AFAIK, at the moment it's only the buildds that block
network access. A malicious upstream could have a build process that
only does network access when it detects that it is not running on a
buildd or that network access is not somehow blocked.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@debian.org>
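As an added illustration (not code from the thread or from dpkg), the two mechanisms the discussion mentions in one POSIX shell script: a wrapper that runs a build command inside an empty network namespace with unshare(1), which is what a dpkg-buildpackage hook could do before executing debian/rules, and the QA check that counts hits from an `iptables ... -j LOG` rule; the `BUILD-NET: ` log prefix and the sample kernel log lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread.
#  1. run_build_isolated: run a command in a fresh, empty network namespace.
#     unshare -r -n needs no root; the new namespace has only a down loopback,
#     so any outbound connection fails no matter what the build tries to detect.
#     (A package whose test suite needs 127.0.0.1 would have to bring lo up.)
#  2. net_hits_in_log: the QA check from the thread. With a rule such as
#       iptables -A OUTPUT -m owner --uid-owner BUILDUID -j LOG --log-prefix "BUILD-NET: "
#     each attempted connection leaves a kernel log line; this function lists
#     destination/port pairs for a given prefix and returns 1 if there were any.
#     The prefix and the sample lines below are constructed, not real buildd data.

run_build_isolated() {
    # usage: run_build_isolated debian/rules build
    unshare -r -n "$@"
}

net_hits_in_log() {
    # usage: net_hits_in_log "BUILD-NET: " /var/log/kern.log
    awk -v prefix="$1" '
        index($0, prefix) {
            dst = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            print dst, dpt
            hits++
        }
        END { if (hits) exit 1; exit 0 }
    ' "$2"
}

# Constructed sample log: two attempts from a build plus one unrelated line.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
kernel: BUILD-NET: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=443
kernel: BUILD-NET: IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=UDP SPT=40002 DPT=53
kernel: eth0: link up
EOF
```

Pointed at a real buildd's kern.log, a non-zero return from the check flags the build for review.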