On Sun, Nov 23, 2014 at 05:38:50PM +0100, Bill Allombert wrote: > > Package: debian-policy > > Severity: wishlist > > > > 2.2.1 says "the packages in main > > > > must not require or recommend a package outside of main for compilation > > or > > execution (thus, the package must not declare a "Pre-Depends", "Depends", > > "Recommends", "Build-Depends", or "Build-Depends-Indep" relationship on a > > non- > > main package)," > > > > In practice there is a consensus that this also means "packages must not > > access > > external network servers" which conforms to the spirit but not to the > > letter of > > this section. > > I offer the attached patch, which target section > 4.9 Main building script: debian/rules > > This only address the issue in the bug title, namely > 'Clarify network access for building packages in main'. > > Cheers,
> diff --git a/policy.sgml b/policy.sgml > index 7bb703b..107ee44 100644 > --- a/policy.sgml > +++ b/policy.sgml > @@ -1928,12 +1928,16 @@ zope. > impossible to auto-compile that package and also makes it hard > for other people to reproduce the same binary package, all > required targets must be non-interactive. It also follows that > any target that these targets depend on must also be > non-interactive. > </p> > + <p> > + For packages in the main archive, no required targets > + may attempt network access. > + </p> > > <p> > The targets are as follows: > <taglist> > <tag><tt>build</tt> (required)</tag> > <item> It's fine, as it solves the initial problem. Seconded. -- WBR, wRAR
signature.asc
Description: Digital signature
