Ian Jackson writes: > Apropos of discussion in #813471: > Paul writes: >> In addition, d-i relies on access to the apt repo for the system. >> I can imagine other uses of that, so I added a carve-out for that. > > In general I think this should be done by saying that packages may > access the apt repository. Binaries, and sources, because packages > cannot depend on each others' sources and implementing that is a lot > of work.
We should aim that packages do *not* need to do this; d-i does it because no better way was implemented (yet). So I don't think allowing this in Policy for the future is a good idea; documenting that some packages currently have to do this might be okay. > See > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813471#162 > for a more extended rationale for permitting access to sources > as well as binaries. I don't think that is a good reason to access source packages: it makes it not obvious what the build dependencies are when they are hidden in some "apt-get source" call somewhere in the package. > diff --git a/policy/ch-source.rst b/policy/ch-source.rst > index d6a21b8..2d6f9ea 100644 > --- a/policy/ch-source.rst > +++ b/policy/ch-source.rst > @@ -288,6 +288,13 @@ For packages in the main archive, no required targets > may attempt > network access, except, via the loopback interface, to services on the > build host that have been started by the build. > > +Nevertheless, required targets may use ``apt`` to access the apt > +repositories provided by the build environment (which are those which > +were used to resolve the package's build-dependencies). If > +appropriate, :ref:`Built-Using <s-built-using>`` must then be > +declared. It is permitted to download both binaries and/or sources. > +However, this facility should not normally be used. > + > The targets are as follows: > > ``build`` (required) As I said above, I think this is not a good idea. Ansgar
