severity 399754 important thanks On Tue, Nov 21, 2006 at 09:32:26PM +0100, Petter Reinholdtsen wrote: > [Goswin Brederlow] > > A package MUST not require resources outside of the buildd. How > > could the security team release a new version if the external > > resources are dead? How can a build be reproduced if the external > > resource changes contents?
> This package is intended to reflect the package content of the APT > sources at the time of the build, and thus should _not_ stat the same > when the external resources change content. It is a meta-package > depending on the package available in the Debian archive at the time > it is built. The "source" in this case is the list of wanted packages > for the implemented package profiles, and the binary packages > represent the available packages at the time of the build. > In short, this package _should_ require resources outside the buildd, > and every time it is rebuilt _should_ change to reflect the external > sources. > > when building debian-edu I get > > make[1]: Entering directory > > `/home/formorer/build/debian-edu_0.812/debian-edu-0.812' > > ./gen-control -s ./sources.list.terra -t > debian-edu-tasks.desc.new && mv > > debian-edu-tasks.desc.new debian-edu-tasks.desc > > Err http://ftp.skolelinux.org etch Release.gpg > > Could not connect to ftp.skolelinux.org:80 (158.36.191.142), connection > > timed out > The ftp.skolelinux.org ftp server is still working as it used to. I > guess you either have a special network configuration, or there is > something else strange going on. > I guess we could make the build check if the apt sources is available > before trying to fetch data from the, and allow the build to be a > no-op if no network is available (just passing on the previous list of > packages). Not sure if it is worth the effort, though. Packages should not depend on network resources external to Debian for building. It should also be possible to rebuild packages in an off-line environment. This package appears to fail on both counts. I'm lowering the severity of this particular bug strictly on the grounds that I can't foresee the security team ever having to do an update for the package. Still, it would be appreciated if you would adjust the package to build from source even when ftp.skolelinux.org is unavailable. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
