[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#813471: Seeking seconds for patch to permit some network access to localhost

Paul Wise writes ("Re: Bug#813471: Seeking seconds for patch to permit some network access to localhost"):
> Sean and I discussed this at DebCamp and he mentioned that udeb
> building packages have an exception from (most?) of policy, so we
> probably do not need this particular apt repo network exception?

I don't think this is sound, really.  *udebs* have an exception from
policy but "udeb-consuming packages are allowed to access the network
but others aren't" ?

> The only other reason I can think of to need access to the apt repo
> from the build scripts is as an alternative workaround to the "cannot
> build-dep on source packages" problem, which is usually worked around
> via -source binary packages. The -source workaround is used by
> toolchain packages, external Linux kernel drivers and some other
> things. It seems to be working OK so I suggest that we deprecate all
> access to the apt repo except for d-i and installing Build-Depends.

The problem with this is that you need cooperation - and quite serious
and to-them-intrusive cooperation - from the packages you want to
build-depend-source on.

I had a use case which motivated my conversation in Nicaragua: Xen
wanted to rebuild a whole bunch of things (all of the dependencies of
a stripped-down version of qemu) in a special unikernel-like
environment.  Obviously asking the maintainers of gettext and qemu and
whatever to provide -source packages was not desirable.  Nor was
copying the code.

As it happens this never came to pass, but it shows that this kind of
"mini-distro" is not limited to d-i.

> Since Built-Using is *only* for license compliance (and folks strongly
> discourage its use for other things such as static linking), that is
> completely dependent on the license of the source/binary being fetched.
> It is probably worth mentioning if we add the apt repo exception.

Right.

Thanks,
Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Reply to: