Martin Zobel-Helas <zo...@ftbfs.de> writes: > i would like to propose an addendum to section 7.7 of the Debian Policy: > > | Build-Depends and Build-Depends-Indep must not depend directly or > | indirectly on packages which provide network services.
Package maintainers have little control over what their packages depend on indirectly, and it can also change entirely without their knowledge. I think we'd have to put the burden somewhere else for that to be effective. > Rationale: > a) Packages with no secure default configuration may expose the building > machine. Also network facing services may expose the system to > security issues. We should not have any packages in the *archive* that enable an insecure network service on installation. That's an RC bug in that package and should be dealt with that way, IMO. > b) You can not relay on the assumption that init-scripts are not called > within a building chroot. I think this raises a broader issue beyond just network services, namely what happens when packages build-depend on a package that starts a daemon. (For instance, packages installed on buildds are not necessarily removed after the build, which can leave the daemon running.) I suspect the easiest practical solution to this problem would be to refute (b) by guaranteeing that init scripts are not called within a building chroot, although of course we can only make that guarantee for our build infrastructure, not for other contributors who want to build Debian packages. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-policy-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
