Bug#845715: Required targets must not write outside of the source package tree

[Russ Allbery <rra@debian.org>]

Sean Whitton <spwhitton@spwhitton.name> writes:

> I reformatted and wordsmithed josch's patch, second it myself, and am
> seeking further seconds.

> Given that whole archive rebuilds with use sbuild and already catch
> packages that violate this requirement, making this change would not
> declare any packages buggy that would not already be considered buggy,
> so we can make it right away.

Excellent!  This has been a long-standing issue, and it's great to finally
get this into Policy.

One minor wording nit, seconded either way:

> +Required targets must not attempt to write outside of the unpacked
> +source package tree. An exception to this rule is the use of
> +``TMPDIR`` (or ``/tmp`` if that is not set) which is permitted as long
> +as temporary files are deleted by the end of the target, and not
> +reused by subsequent execution of the target.  This restriction is

How about:

    As an exception, required targets may write to the directory specified
    by the ``TMPDIR`` environment variable (or ``/tmp`` if that is not
    set), provided that files created in that directory are deleted before
    the target completes and are not reused by subsequent executions of
    the target.

This explicitly states that this is an environment variable and makes it
clear that it refers to a directory.

> +intended to prevent source package builds creating and depending on
> +state outside of themselves, thus affecting multiple independent
> +rebuilds.  In particular, the required targets must not attempt to
> +write into ``HOME``.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>