Bug#770016: Clarify network access for building packages in main
On 23/11/14 at 20:03 +0100, Bill Allombert wrote:
> On Sun, Nov 23, 2014 at 04:47:00PM -0200, Henrique de Moraes Holschuh wrote:
> > On Sun, 23 Nov 2014, Bill Allombert wrote:
> > > --- a/policy.sgml
> > > +++ b/policy.sgml
> > > @@ -1928,12 +1928,16 @@ zope.
> > > impossible to auto-compile that package and also makes it hard
> > > for other people to reproduce the same binary package, all
> > > required targets must be non-interactive. It also follows that
> > > any target that these targets depend on must also be
> > > non-interactive.
> > > </p>
> > > + <p>
> > > + For packages in the main archive, no required targets
> > > + may attempt network access.
> > > + </p>
> > >
> > > <p>
> > > The targets are as follows:
> > > <taglist>
> > > <tag><tt>build</tt> (required)</tag>
> > > <item>
> >
> > This is something we want for multiple reasons, but have we already fixed
> > all instances of, e.g., validating sgml/xml parsers trying to fetch DTDs or
> > schemas during documentation build ? Or other network access attempts that
> > don't fail a build (and helpfully don't modify it either)?
>
> Lucas, can you confirm that the main archive ca be rebuild without external
> network access ?
No: that's something I used to check (by building on machines with
specific firewall rules to forbid external network access), but that I
haven't been testing recently.
In the past, the rebuild setup was on a platform where external network
access was unavailable; but now that it moved to Amazon, this is no
longer a problem, and I haven't re-implemented the firewall rules.
Lucas
Reply to: