Bug#813471: Seeking seconds for patch to permit some network access to localhost



Paul Wise writes ("Bug#813471: Seeking seconds for patch to permit some network access to localhost"):
> For clarity, how about we separate the two types of network access?
> 
> In addition, d-i relies on access to the apt repo for the system.
> I can imagine other uses of that, so I added a carve-out for that.
> 
>    For packages in the main archive, no required targets may attempt
>    network access on non-loopback interfaces, except to the apt
>    repository used by the system.

LGTM.  It might be worth saying "the apt repository (both source and
binaries)".  There are both packages which fetch .debs explicitly, and
packages which fetch sources explicitly (yes, this is not very good,
but consensus in a discussion of relevant people in ? Nicaragua I
think was that there isn't a better way right now, and that making a
better way would be a *lot* of work).

If you access the archive to fetch .debs or .dscs, you almost
certainly needed to put in a Built-Using.  Maybe we should mention
that ?

>    For packages in the main archive, no required targets may attempt
>    network access on the loopback interface, except to services that
>    were started by the build process. Services started by the build
>    process must be shut down after use.

LGTM.

Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

