❦ 4 septembre 2016 01:03 CEST, Santiago Vila <sanv...@unex.es> :
>> [...] information leak [...]
>
> This is not just a privacy issue but also a reproducibility issue.
>
> It is bad that a package leaks information to the external world,
> but it is even worse, I would say, that information from the outside
> world is being used in any way by the package during the build.
>
> If we allow packages to communicate with the external world during the
> build, then a sentence like "this is the source for this binary package"
> becomes completely meaningless, as the source package stops being all
> you need to build the package.
In this case, there is no reproducibility issue. The worst that can
happen is the unit tests to fail if you have a host called "fail" on
your network. Something that is plausible but should stay quite rare.
I am totally OK with the general rule that a package must build without
having access to the network. This is the case with python-asyncssh. It
builds fine without access to the network.
--
Make your program read from top to bottom.
- The Elements of Programming Style (Kernighan & Plauger)
signature.asc
Description: PGP signature
