Proposal: Amendment for section 7.7 debian policy

To: debian-policy@lists.debian.org
Subject: Proposal: Amendment for section 7.7 debian policy
From: Martin Zobel-Helas <zobel@ftbfs.de>
Date: Fri, 10 Jul 2009 00:34:47 +0200
Message-id: <[🔎] 20090709223447.GI3953@ftbfs.de>

Hi,

i would like to propose an addendum to section 7.7 of the Debian Policy:

| Build-Depends and Build-Depends-Indep must not depend directly or
| indirectly on packages which provide network services.

Rationale:
a) Packages with no secure default configuration may expose the building
   machine. Also network facing services may expose the system to
   security issues.
b) You can not relay on the assumption that init-scripts are not called
   within a building chroot.  

Improvments of the above text are welcome and reasons that proof me
wrong also.

-- 
 Martin Zobel-Helas <zobel@debian.org>  | Debian System Administrator
 Debian & GNU/Linux Developer           |           Debian Listmaster
 Public key http://zobel.ftbfs.de/5d64f870.asc   -   KeyID: 5D64 F870
 GPG Fingerprint:  5DB3 1301 375A A50F 07E7  302F 493E FB8E 5D64 F870

Reply to:

Follow-Ups:
- Re: Proposal: Amendment for section 7.7 debian policy
  - From: Russ Allbery <rra@debian.org>

Prev by Date: La Galerie des Accessoires - Soldes...
Next by Date: Re: Proposal: Amendment for section 7.7 debian policy
Previous by thread: La Galerie des Accessoires - Soldes...
Next by thread: Re: Proposal: Amendment for section 7.7 debian policy
Index(es):
- Date
- Thread