[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Network access during build

gregor herrmann <gregoa@debian.org> writes:

> IIRC (I didn't re-read the whole bug log now) the intention in
> #770016 was indeed more than "not affect the build result" but
> "explicitly forbid any attempt to access the network because leak".

> As a result policy 4.9. now says:

>      For packages in the main archive, no required targets may attempt
>      network access.

> which in my understanding makes a DNS lookup for example.org in a
> test which fails gracefully and has no relation whatsoever to the
> resulting binary package a policy violation and thereby an RC bug.

> If this was not the original intention or if the community now comes
> to the conclusion that this is maybe a bit over the top (as Russ' and
> Vorlon's mails seem to imply, and I share their sentiments), I think
> we need to change the wording in policy.

Yeah, I think we want a "must not fail when it doesn't have network
access" (that's the legit RC bug, because it makes the build not work in
reasonable configurations) combined with something at the should level
around not leaking privacy-relevant information from the build (since this
is something to which the package maintainer should bring nuance and
deeper understanding, so you want the wiggle room of should).

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: