On Mon, 2018-07-23 at 20:16 +0100, Ian Jackson wrote: > LGTM. It might be worth saying "the apt repository (both source and > binaries)". There are both packages which fetch .debs explicitly, and > packages which fetch sources explicitly (yes, this is not very good, > but consensus in a discussion of relevant people in ? Nicaragua I > think was that there isn't a better way right now, and that making a > better way would be a *lot* of work). Sean and I discussed this at DebCamp and he mentioned that udeb building packages have an exception from (most?) of policy, so we probably do not need this particular apt repo network exception? The only other reason I can think of to need access to the apt repo from the build scripts is as an alternative workaround to the "cannot build-dep on source packages" problem, which is usually worked around via -source binary packages. The -source workaround is used by toolchain packages, external Linux kernel drivers and some other things. It seems to be working OK so I suggest that we deprecate all access to the apt repo except for d-i and installing Build-Depends. > If you access the archive to fetch .debs or .dscs, you almost > certainly needed to put in a Built-Using. Maybe we should mention > that ? Since Built-Using is *only* for license compliance (and folks strongly discourage its use for other things such as static linking), that is completely dependent on the license of the source/binary being fetched. It is probably worth mentioning if we add the apt repo exception. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part