Bug#1068192: debian-policy: extended forbidden network access to contrib and non-free
On Thu, Apr 04, 2024 at 11:42:34AM -0700, Russ Allbery wrote:
> Tobias Frost <tobi@debian.org> writes:
> > On Wed, Apr 03, 2024 at 10:58:37PM +0200, Aurelien Jarno wrote:
>
> >> Thanks Philipp. Following that result, please find a patch proposal:
> >>
> >> --- a/policy/ch-source.rst
> >> +++ b/policy/ch-source.rst
> >> @@ -338,9 +338,9 @@
> >> For example, the build target should pass ``--disable-silent-rules``
> >> to any configure scripts. See also :ref:`s-binaries`.
> >>
> >> -For packages in the main archive, required targets must not attempt
> >> -network access, except, via the loopback interface, to services on the
> >> -build host that have been started by the build.
> >> +Required targets must not attempt network access, except, via the
> >> +loopback interface, to services on the build host that have been started
> >> +by the build.
> >>
> >> Required targets must not attempt to write outside of the unpacked
> >> source package tree. There are two exceptions. Firstly, the binary
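Review bot: In the rewritten paragraph (the three "+" lines starting "Required targets must not attempt network access"), the scope change is expressed only by deleting "For packages in the main archive,", so someone reading the new text alone cannot tell that contrib and non-free are deliberately covered. Consider stating the scope explicitly, for example "Required targets of packages in any archive area must not attempt network access, ...". Since packages outside main were not bound by the old sentence, the paragraph should also say whether any exemption remains for them.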
>
> > LGTM, Seconded.
>
> Also looks good to me. Seconded.

I still think we should allow Autobuild: no as an escape hatch.
If we want to require non-free packages to be autobuildable, we should
be more explicit about it (and probably require more feedback from
debian-devel).

Cheers,
--
Bill. <ballombe@debian.org>
Imagine a large red swirl here.