
Re: Network access during build



On Fri, Sep 9, 2016 at 3:39 PM, Emmanuel Bourg wrote:

> "For packages in the main archive, no build step may attempt network
> access in a way that:
> - leaks sensitive data
> - changes the build result or the operations performed to produce it"
>
> (with the build result defined as the binary packages produced)

I think what we actually want is for the build to be completely
self-contained, whether or not the person running the build is using
technical mechanisms to enforce that. So something like this:

Nothing inside the build environment (defined as dpkg-buildpackage or
debian/rules and all sub-processes along with the files installed from
build-essential and Build-Depends) may contact any processes, network
resources nor use any files outside the build environment (modulo
/dev/null and the like).

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

