On Sun, 2018-07-22 at 10:41 +0000, Niels Thykier wrote: > Basically I read "No required target may attempt network access via the > loopback interface (except if/when ...).". To me that implies /only/ > the loopback interface is restricted by that sentence (i.e. any other > network interface is not restricted by this sentence). > > If there is another saying that no other network interfaces may be used > during the build, then the loopback restriction may be fine. But the > original sentence sounded like it was the only sentence restricting > network access. For clarity, how about we separate the two types of network access? In addition, d-i relies on access to the apt repo for the system. I can imagine other uses of that, so I added a carve-out for that. For packages in the main archive, no required targets may attempt network access on non-loopback interfaces, except to the apt repository used by the system. For packages in the main archive, no required targets may attempt network access on the loopback interface, except to services that were started by the build process. Services started by the build process must be shut down after use. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part