Bug#770016: Clarify network access for building packages in main
On Sun, Nov 23, 2014 at 08:15:33PM +0100, Lucas Nussbaum wrote:
> On 23/11/14 at 20:03 +0100, Bill Allombert wrote:
> > On Sun, Nov 23, 2014 at 04:47:00PM -0200, Henrique de Moraes Holschuh wrote:
> > > On Sun, 23 Nov 2014, Bill Allombert wrote:
> > > > --- a/policy.sgml
> > > > +++ b/policy.sgml
> > > > @@ -1928,12 +1928,16 @@ zope.
> > > > impossible to auto-compile that package and also makes it hard
> > > > for other people to reproduce the same binary package, all
> > > > required targets must be non-interactive. It also follows that
> > > > any target that these targets depend on must also be
> > > > non-interactive.
> > > > </p>
> > > > + <p>
> > > > + For packages in the main archive, no required targets
> > > > + may attempt network access.
> > > > + </p>
> > > >
> > > > <p>
> > > > The targets are as follows:
> > > > <taglist>
> > > > <tag><tt>build</tt> (required)</tag>
> > > > <item>
> > >
> > > This is something we want for multiple reasons, but have we already fixed
> > > all instances of, e.g., validating sgml/xml parsers trying to fetch DTDs or
> > > schemas during documentation build ? Or other network access attempts that
> > > don't fail a build (and helpfully don't modify it either)?
> > Lucas, can you confirm that the main archive ca be rebuild without external
> > network access ?
> No: that's something I used to check (by building on machines with
> specific firewall rules to forbid external network access), but that I
> haven't been testing recently.
Was there a lot of failure ? What severity did you use for the bug report ?
Are you in favor of the patch above ?
I think it reflect the general view and practice.
Imagine a large red swirl here.