
Bug#813471: Seeking seconds for patch to permit some network access to localhost



Hello Niels,

On Sun 22 Jul 2018 at 09:33AM GMT, Niels Thykier wrote:

> The proposed text is awkward for me because I basically read it as:
>
> """
> For packages in the main archive, no required targets may attempt
> network access, [... exception ...], via the loopback interface.
> """
>
> Which is not at all what I expected to read given the subject.

I don't follow what's awkward about this; please say more.

> Secondly, my reading of the text enables you to start tor and then talk
> with that (and it is not quite clear whether the exception also applies
> to the started service).

Good point.

I think the simplest way to address this is to say that the requirement
applies recursively.

> Maybe something like:
>
> """
> For packages in the main archive, no required targets may attempt
> network access (either directly or via services started by the build) on
> any interface except for the loopback interface.
> """

This text does not address Paul's point that package builds should not
talk to unrelated services on the host.

Given that I don't follow what you mean by awkward, I don't think I know
what you are trying to achieve with this new text, so I'll wait for a
reply to my first question.

-- 
Sean Whitton
