Re: Proposal: Amendment for section 7.7 debian policy
Martin Zobel-Helas <zobel@ftbfs.de> writes:
> I would like to propose an addendum to section 7.7 of the Debian Policy:
>
> | Build-Depends and Build-Depends-Indep must not depend directly or
> | indirectly on packages which provide network services.
Package maintainers have little control over what their packages depend
on indirectly, and it can also change entirely without their knowledge.
I think we'd have to put the burden somewhere else for that to be
effective.
> Rationale:
> a) Packages with no secure default configuration may expose the building
> machine. Also network facing services may expose the system to
> security issues.
We should not have any packages in the *archive* that enable an insecure
network service on installation. That's an RC bug in that package and
should be dealt with that way, IMO.
> b) You cannot rely on the assumption that init-scripts are not called
> within a building chroot.
I think this raises a broader issue beyond just network services, namely
what happens when packages build-depend on a package that starts a
daemon. (For instance, packages installed on buildds are not
necessarily removed after the build, which can leave the daemon
running.)
I suspect the easiest practical solution to this problem would be to
refute (b) by guaranteeing that init scripts are not called within a
building chroot, although of course we can only make that guarantee for
our build infrastructure, not for other contributors who want to build
Debian packages.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
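
One way a build host could provide the guarantee discussed in the message above, as an added example that is not part of the original thread: it assumes Debian's policy-rc.d interface, in which invoke-rc.d consults /usr/sbin/policy-rc.d before acting on an init script and treats exit status 101 as "action forbidden". The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): keep daemons from starting in a
# build chroot by installing a deny-all policy-rc.d and auditing it.
# Assumption: maintainer scripts start services through invoke-rc.d.

# Reference content of the deny-all policy script.
policy_body() {
    printf '%s\n' '#!/bin/sh' \
        '# Build chroot: refuse every init script action.' \
        'exit 101'
}

# Install the deny-all policy under the chroot rooted at $1.
# The file is written to a temporary name and renamed, so a concurrent
# package installation never sees a half-written policy.
deny_init_in_chroot() {
    root=$1
    [ -d "$root" ] || { echo "no such chroot: $root" >&2; return 2; }
    mkdir -p "$root/usr/sbin" || return 2
    tmp=$(mktemp "$root/usr/sbin/policy-rc.d.XXXXXX") || return 2
    policy_body > "$tmp" && chmod 755 "$tmp" &&
        mv -f "$tmp" "$root/usr/sbin/policy-rc.d"
}

# Return 0 only if the chroot at $1 still carries exactly that policy.
# The file is compared, not executed: content of a chroot that has just
# installed arbitrary build dependencies should not run on the host.
chroot_denies_init() {
    policy=$1/usr/sbin/policy-rc.d
    [ -f "$policy" ] && [ ! -L "$policy" ] && [ -x "$policy" ] || return 1
    policy_body | cmp -s - "$policy"
}
```

Running the audit function before each build catches a policy file that an earlier build dependency replaced or removed. Init scripts that a maintainer script calls directly, without invoke-rc.d, are not covered by this mechanism.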