Package: debian-policy
Severity: minor

While checking the upgrade checklist I noticed this new requirement:

| 4.9
|    Required targets must not write outside of the unpacked source
|    package tree, except for TMPDIR, /tmp and /var/tmp.

The wording is a bit too strict and should be relaxed.  There are
other paths that should be fine to be written to during the build
process, for example /dev/shm, /run/lock[1], or possibly anything
below /proc/<pid> for processes spawned by the build process.


  [1] Which I noticed is world-writable which I'm not sure should be
      as users could then fill /run...  Note that /run/user/<uid> has
      separate filesystems to avoid this problem; but then there are
      many paths below /run writable by service users which can cause
      the same problems.

Reply via email to