On Fri, Apr 05, 2024 at 09:49:58PM +0200, Aurelien Jarno wrote: > On 2024-04-04 22:38, Bill Allombert wrote: > > On Thu, Apr 04, 2024 at 01:22:19PM -0700, Russ Allbery wrote: > > > I'm not sure what I think about that. We have a general escape hatch > > > already for non-free packages in Policy 2.2.3 that says they may not fully > > > comply with Policy, which may be sufficient. > > > > But precisely, we _do_ want non-free packages that are built on the autobuilders > > to comply with this requirement. So we do not want 2.2.3 to apply in that > > specific case. It seems cleaner to say that the requirement only apply if > > Autobuild: yes is declared. > > If we go that route, here is a proposed alternative patch: > > --- a/policy/ch-source.rst > +++ b/policy/ch-source.rst > @@ -338,7 +338,8 @@ > For example, the build target should pass ``--disable-silent-rules`` > to any configure scripts. See also :ref:`s-binaries`. > > -For packages in the main archive, required targets must not attempt > +Except for packages in the non-free archive with the ``Autobuild`` > +control field unset or set to ``no``, required targets must not attempt > network access, except, via the loopback interface, to services on the > build host that have been started by the build. Seconded as well. (I think the other version is fine too; Another thought: Can't (some) non-free non-autobuildable be tought not do download at build time? I think it should be encouraged to download only if there is no other way…) -- tobi > -- > Aurelien Jarno GPG: 4096R/1DDD8C9B > aurelien@aurel32.net http://aurel32.net
Attachment:
signature.asc
Description: PGP signature