
Bug#813471: Seeking seconds for patch to permit some network access to localhost



Sean Whitton:
> control: tag -1 +patch
> 
> Hello,
> 
> Here is a patch, for which I am seeking seconds, that tries to capture
> the points raised by Osamu, Guillem and Paul without getting into
> legalese -- Bill has a point.  In particular, I think we can trust
> package maintainers to interpret "started by the build" sensibly.
> 
> Discussion by Ian and Simon cloned into a separate bug and continued
> there.  Gunnar's discussion should be a separate bug, so setting it
> aside for now.
> 
>> diff --git a/policy/ch-source.rst b/policy/ch-source.rst
>> index 9e7d79c..34c90b3 100644
>> --- a/policy/ch-source.rst
>> +++ b/policy/ch-source.rst
>> @@ -278,7 +278,8 @@ non-interactive. It also follows that any target that these targets
>>  depend on must also be non-interactive.
>>  
>>  For packages in the main archive, no required targets may attempt
>> -network access.
>> +network access, except to services on the build host that have been
>> +started by the build, via the loopback interface.
>>  
>>  The targets are as follows:
>>  
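Review bot: In the two added lines, "via the loopback interface" trails the whole exception, so the sentence can be read with the qualifier attached to the prohibition ("no required targets may attempt network access ... via the loopback interface") rather than to the exception. The added text also does not say whether a service "started by the build" is itself barred from reaching beyond the build host. Consider placing the loopback qualifier directly next to the access it permits and stating that services started by the build are subject to the same restriction.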
> 

The proposed text is awkward for me because I basically read it as:

"""
For packages in the main archive, no required targets may attempt
network access, [... exception ...], via the loopback interface.
"""

Which is not at all what I expected to read given the subject.


Secondly, my reading of the text enables you to start tor and then talk
with that (and it is not quite clear whether the exception also applies
to the started service).

Maybe something like:

"""
For packages in the main archive, no required targets may attempt
network access (either directly or via services started by the build) on
any interface except for the loopback interface.
"""

(not sure if that hits into the legalese territory you are trying to avoid;
I have not read the full discussion)

Thanks,
~Niels

