Bug#1068192: debian-policy: extended forbidden network access to contrib and non-free
On Tue, Apr 02, 2024 at 09:21:02AM +0800, Sean Whitton wrote:
> Hello,
>
> On Mon 01 Apr 2024 at 05:29pm +02, Aurelien Jarno wrote:
>
> > Package: debian-policy
> > Version: 4.6.2.1
> > Severity: normal
> > X-Debbugs-Cc: dsa@debian.org, wb-team@buildd.debian.org
> > Control: affects -1 buildd.debian.org
> >
> > Hi,
> >
> > The debian policy, section 4.9, forbids network access for packages in
> > the main archive, which implicitly means they are authorized for
> > packages in contrib and non-free (and non-free-firmware once #1029211 is
> > fixed).
> >
> > This gives constraints on the build daemons infrastructure and also
> > brings some security concerns. Would it be possible to extend this
> > restriction to all archives?
>
> We need to know if this is going to break existing packages and allow
> some input from their maintainers. Are you able to prepare a list of
> the affected packages?
What I suggested was that "Autobuild: yes" imply no network access.
Cheers,
--
Bill. <ballombe@debian.org>
Imagine a large red swirl here.
Reply to: