
Bug#942051: debian-policy: [4.9] requirement to write only to /tmp, /var/tmp, ${TMPDIR} is too strict



On Wed, Oct 09, 2019 at 05:51:53PM +0200, Ansgar Burchardt wrote:
> While checking the upgrade checklist I noticed this new requirement:
> +---
> | 4.9
> |    Required targets must not write outside of the unpacked source
> |    package tree, except for TMPDIR, /tmp and /var/tmp.
> +---
> The wording is a bit too strict and should be relaxed.  There are
> other paths that should be fine to be written to during the build
> process, for example /dev/shm, /run/lock[1], or possibly anything
> below /proc/<pid> for processes spawned by the build process.

Why do you think package builds should be allowed to use /run/lock?  It
records system state.

The use of /dev/shm is an implementation detail of the shm
implementation in libc.  I don't think using the shm stuff counts as
writing.

If you take the strict approach, then writing to stdout and stderr would
be forbidden as well.

Regards,
Bastian

-- 
Ahead warp factor one, Mr. Sulu.

