Paul Wise writes ("Re: Bug#813471: Seeking seconds for patch to permit some
network access to localhost"):
> Sean and I discussed this at DebCamp and he mentioned that udeb
> building packages have an exception from (most?) of policy, so we
> probably do not need this particular apt repo network exception?
I don't think this is sound, really. *udebs* have an exception from
policy but "udeb-consuming packages are allowed to access the network
but others aren't" ?
> The only other reason I can think of to need access to the apt repo
> from the build scripts is as an alternative workaround to the "cannot
> build-dep on source packages" problem, which is usually worked around
> via -source binary packages. The -source workaround is used by
> toolchain packages, external Linux kernel drivers and some other
> things. It seems to be working OK so I suggest that we deprecate all
> access to the apt repo except for d-i and installing Build-Depends.
The problem with this is that you need cooperation - and quite serious
and to-them-intrusive cooperation - from the packages you want to
build-depend-source on.
I had a use case which motivated my conversation in Nicaragua: Xen
wanted to rebuild a whole bunch of things (all of the dependencies of
a stripped-down version of qemu) in a special unikernel-like
environment. Obviously asking the maintainers of gettext and qemu and
whatever to provide -source packages was not desirable. Nor was
copying the code.
As it happens this never came to pass, but it shows that this kind of
"mini-distro" is not limited to d-i.
> Since Built-Using is *only* for license compliance (and folks strongly
> discourage its use for other things such as static linking), that is
> completely dependent on the license of the source/binary being fetched.
> It is probably worth mentioning if we add the apt repo exception.
Right.
Thanks,
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
