❦ 4 septembre 2016 01:03 CEST, Santiago Vila <sanv...@unex.es> :
>> [...] information leak [...] > > This is not just a privacy issue but also a reproducibility issue. > > It is bad that a package leaks information to the external world, > but it is even worse, I would say, that information from the outside > world is being used in any way by the package during the build. > > If we allow packages to communicate with the external world during the > build, then a sentence like "this is the source for this binary package" > becomes completely meaningless, as the source package stops being all > you need to build the package. In this case, there is no reproducibility issue. The worst that can happen is the unit tests to fail if you have a host called "fail" on your network. Something that is plausible but should stay quite rare. I am totally OK with the general rule that a package must build without having access to the network. This is the case with python-asyncssh. It builds fine without access to the network. -- Make your program read from top to bottom. - The Elements of Programming Style (Kernighan & Plauger)
signature.asc
Description: PGP signature