Bug#770016: Clarify network access for building packages in main

To: Bill Allombert <ballombe@debian.org>
Cc: Henrique de Moraes Holschuh <hmh@debian.org>, 770016@bugs.debian.org, Andrey Rahmatullin <wrar@wrar.name>, David Suárez <david.sephirot@gmail.com>
Subject: Bug#770016: Clarify network access for building packages in main
From: Lucas Nussbaum <lucas@debian.org>
Date: Mon, 24 Nov 2014 10:21:27 +0100
Message-id: <[🔎] 20141124092127.GA29756@xanadu.blop.info>
Reply-to: Lucas Nussbaum <lucas@debian.org>, 770016@bugs.debian.org
In-reply-to: <[🔎] 20141123201344.GA17142@yellowpig>
References: <[🔎] 20141118100307.18543.32565.reportbug@arakhmatullin> <[🔎] 20141123163850.GA14540@yellowpig> <[🔎] 20141123184700.GD18823@khazad-dum.debian.net> <[🔎] 20141123190304.GC16143@yellowpig> <[🔎] 20141123191533.GA9637@xanadu.blop.info> <[🔎] 20141123201344.GA17142@yellowpig>

On 23/11/14 at 21:13 +0100, Bill Allombert wrote:
> On Sun, Nov 23, 2014 at 08:15:33PM +0100, Lucas Nussbaum wrote:
> > On 23/11/14 at 20:03 +0100, Bill Allombert wrote:
> > > On Sun, Nov 23, 2014 at 04:47:00PM -0200, Henrique de Moraes Holschuh wrote:
> > > > On Sun, 23 Nov 2014, Bill Allombert wrote:
> > > > > --- a/policy.sgml
> > > > > +++ b/policy.sgml
> > > > > @@ -1928,12 +1928,16 @@ zope.
> > > > >  	  impossible to auto-compile that package and also makes it hard
> > > > >  	  for other people to reproduce the same binary package, all
> > > > >  	  required targets must be non-interactive.  It also follows that
> > > > >  	  any target that these targets depend on must also be
> > > > >  	  non-interactive.
> > > > >  	</p>
> > > > > +	<p>
> > > > > +          For packages in the main archive, no required targets
> > > > > +          may attempt network access.
> > > > > +	</p>
> > > > >  
> > > > >  	<p>
> > > > >  	  The targets are as follows:
> > > > >  	  <taglist>
> > > > >  	    <tag><tt>build</tt> (required)</tag>
> > > > >  	    <item>
> > > > 
> > > > This is something we want for multiple reasons, but have we already fixed
> > > > all instances of, e.g., validating sgml/xml parsers trying to fetch DTDs or
> > > > schemas during documentation build ?  Or other network access attempts that
> > > > don't fail a build (and helpfully don't modify it either)?
> > > 
> > > Lucas, can you confirm that the main archive ca be rebuild without external
> > > network access ?
> > 
> > No: that's something I used to check (by building on machines with
> > specific firewall rules to forbid external network access), but that I
> > haven't been testing recently.
> 
> Was there a lot of failure ?

No

> What severity did you use for the bug report ?

serious

> Are you in favor of the patch above ?

In general, yes.
I wonder if it should be turned into "the package must not rely on
external access network to build correctly". A package that checks if
network access is available, and run more tests if it's the case, could
be fine.

Lucas

Reply to:

Follow-Ups:
- Bug#770016: Clarify network access for building packages in main
  - From: Jakub Wilk <jwilk@debian.org>

References:
- Bug#770016: Clarify network access for building packages in main
  - From: Andrey Rahmatullin <wrar@wrar.name>
- Bug#770016: Clarify network access for building packages in main
  - From: Bill Allombert <ballombe@debian.org>
- Bug#770016: Clarify network access for building packages in main
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Bug#770016: Clarify network access for building packages in main
  - From: Bill Allombert <ballombe@debian.org>
- Bug#770016: Clarify network access for building packages in main
  - From: Lucas Nussbaum <lucas@debian.org>
- Bug#770016: Clarify network access for building packages in main
  - From: Bill Allombert <ballombe@debian.org>

Prev by Date: Bug#768117: debian-policy: WSGI API must distinguish between Python 2 and 3
Next by Date: Bug#770016: Clarify network access for building packages in main
Previous by thread: Bug#770016: Clarify network access for building packages in main
Next by thread: Bug#770016: Clarify network access for building packages in main
Index(es):
- Date
- Thread