Bug#1068192: debian-policy: extended forbidden network access to contrib and non-free
Hi,
On 2024-04-02 09:21, Sean Whitton wrote:
> Hello,
>
> On Mon 01 Apr 2024 at 05:29pm +02, Aurelien Jarno wrote:
>
> > Package: debian-policy
> > Version: 4.6.2.1
> > Severity: normal
> > X-Debbugs-Cc: dsa@debian.org, wb-team@buildd.debian.org
> > Control: affects -1 buildd.debian.org
> >
> > Hi,
> >
> > The debian policy, section 4.9, forbids network access for packages in
> > the main archive, which implicitly means they are authorized for
> > packages in contrib and non-free (and non-free-firmware once #1029211 is
> > fixed).
> >
> > This gives constraints on the build daemons infrastructure and also
> > brings some security concerns. Would it be possible to extend this
> > restriction to all archives?
>
> We need to know if this is going to break existing packages and allow
> some input from their maintainers. Are you able to prepare a list of
> the affected packages?
Fair enough. I can work on that, but help would be welcome as my
resources are limited.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://aurel32.net
Reply to: