Package: debian-policy Version: 220.127.116.11 Severity: minor While checking the upgrade checklist I noticed this new requirement:
+--- | 4.9 | Required targets must not write outside of the unpacked source | package tree, except for TMPDIR, /tmp and /var/tmp. +--- The wording is a bit too strict and should be relaxed. There are other paths that should be fine to be written to during the build process, for example /dev/shm, /run/lock, or possibly anything below /proc/<pid> for processes spawned by the build process. Ansgar  Which I noticed is world-writable which I'm not sure should be as users could then fill /run... Note that /run/user/<uid> has separate filesystems to avoid this problem; but then there are many paths below /run writable by service users which can cause the same problems.