Bug#905401: permit access to apt repositories during builds

[Ian Jackson <ijackson@chiark.greenend.org.uk>]

Jonathan Nieder writes ("Re: permit access to apt repositories during builds"):
> Ian Jackson wrote:
> > See
> >   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813471#126
> > for a more extended rationale for permitting access to sources
> > as well as binaries.
> 
> My feeling is that this should be an outside-policy carveout, since it
> makes many applications (e.g., analyzing the build graph, especially
> when needed for bootstrapping) no longer possible.

I don't really agree with the basic concept of an "outside-policy
carveout".  Also, this is the only way to implement many important and
useful things.

But I think you do have a legitimate concern.  I think we probably
want to add a mechanism for a package to declare (eg in its buildinfo
or changes maybe?) what it got from apt.  What do you think ?

> Seconded.

Thanks.

> This doesn't mean I like the change.  It just means that I think this
> reflects the outcome of the discussion you cited.  My understanding is
> that the current policy process doesn't require me to check that the
> main relevant stakeholders among those who haven't spoken up have
> weighed in, since they can propose additional changes to address any
> harms.

I'll let Sean weigh in on process.

Thanks,
Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.