Bug#1068192: debian-policy: extend forbidden network access to contrib and non-free
On 2024-04-01 17:52, Bill Allombert wrote:
> On Mon, Apr 01, 2024 at 05:29:54PM +0200, Aurelien Jarno wrote:
> > Package: debian-policy
> > Version: 4.6.2.1
> > Severity: normal
> > X-Debbugs-Cc: dsa@debian.org, wb-team@buildd.debian.org
> > Control: affects -1 buildd.debian.org
> >
> > Hi,
> >
> > The debian policy, section 4.9, forbids network access for packages in
> > the main archive, which implicitly means they are authorized for
> > packages in contrib and non-free (and non-free-firmware once #1029211 is
> > fixed).
> >
> > This gives constraints on the build daemons infrastructure and also
> > brings some security concerns. Would it be possible to extend this
> > restriction to all archives?
>
> Does the build daemons actually build non-free ?
Yes, they do, though only part of non-free, only the packages that have
Autobuild: yes and that have been put on an allow list after review.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://aurel32.net
Reply to: