Re: Proposal: Amendment for section 7.7 debian policy

Russ Allbery <rra@debian.org> writes:

> Martin Zobel-Helas <zobel@ftbfs.de> writes:
>> I would like to propose an addendum to section 7.7 of the Debian Policy:
>> | Build-Depends and Build-Depends-Indep must not depend directly or
>> | indirectly on packages which provide network services.
> Package maintainers have little control over what their packages depend
> on indirectly, and it can also change entirely without their knowledge.
> I think we'd have to put the burden somewhere else for that to be
> effective.
>> Rationale:

Isn't the bigger problem that those services might already be running
outside the chroot and the build process would get the wrong one?

>> a) Packages with no secure default configuration may expose the building
>>    machine. Also network facing services may expose the system to
>>    security issues.
> We should not have any packages in the *archive* that enable an insecure
> network service on installation.  That's an RC bug in that package and
> should be dealt with that way, IMO.
>> b) You can not rely on the assumption that init-scripts are not called
>>    within a building chroot.
> I think this raises a broader issue beyond just network services, namely
> what happens when packages build-depend on a package that starts a
> daemon.  (For instance, packages installed on buildds are not
> necessarily removed after the build, which can leave the daemon
> running.)
> I suspect the easiest practical solution to this problem would be to
> refute (b) by guaranteeing that init scripts are not called within a
> building chroot, although of course we can only make that guarantee for
> our build infrastructure, not for other contributors who want to build
> Debian packages.

But that then is their problem. There is a policy-rc.d for a reason
and cdebootstrap automatically sets one.
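
The policy-rc.d mechanism referred to above, as an added example that is not part of the original message or of cdebootstrap: a policy script for a build chroot that forbids every action that would start a daemon. The helper name `policy_decide` and the choice to still permit stop actions are assumptions of this sketch.

```shell
#!/bin/sh
# Added example of a policy-rc.d for a build chroot (not from the thread).
# invoke-rc.d runs: policy-rc.d [options] <initscript ID> <actions> [<runlevel>]
# and honours the exit status: 0 = allowed, 101 = forbidden by policy,
# 103 = syntax error.

# policy_decide is a hypothetical helper name.
policy_decide() {
    # Skip leading options such as --quiet.
    while [ $# -gt 0 ]; do
        case "$1" in
            --*) shift ;;
            *) break ;;
        esac
    done
    [ $# -ge 2 ] || return 103

    # $1 is the initscript ID (unused: same policy for every service).
    # $2 is a space-separated list of requested actions.
    for pd_action in $2; do
        case "$pd_action" in
            stop|force-stop) ;;   # assumption: stopping is always acceptable
            *) return 101 ;;      # start, restart, reload, ...: forbidden
        esac
    done
    return 0
}

# Act as the real policy only when installed under the name policy-rc.d,
# so the file can also be sourced to exercise policy_decide directly.
case "$0" in
    */policy-rc.d) policy_decide "$@"; exit $? ;;
esac
```

Installed executable as /usr/sbin/policy-rc.d inside the chroot, this makes invoke-rc.d refuse to start services pulled in by build dependencies.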


