On Mon, Apr 01, 2024 at 06:08:10PM +0200, Aurelien Jarno wrote: > On 2024-04-01 17:52, Bill Allombert wrote: > > On Mon, Apr 01, 2024 at 05:29:54PM +0200, Aurelien Jarno wrote: > > > Package: debian-policy > > > Version: 4.6.2.1 > > > Severity: normal > > > X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org > > > Control: affects -1 buildd.debian.org > > > > > > Hi, > > > > > > The debian policy, section 4.9, forbids network access for packages in > > > the main archive, which implicitly means they are authorized for > > > packages in contrib and non-free (and non-free-firmware once #1029211 is > > > fixed). > > > > > > This gives constraints on the build daemons infrastructure and also > > > brings some security concerns. Would it be possible to extend this > > > restriction to all archives? > > > > Does the build daemons actually build non-free ? > > Yes, they do, though only part of non-free, only the packages that have > Autobuild: yes and that have been put on an allow list after review.
Is your concern is that the package start to do network acces during build after it has been added to the allow list ? Do you need "Autobuild: yes" to preclude network access ? Cheers, -- Bill. <ballo...@debian.org> Imagine a large red swirl here.
