Hi! On Wed, 2016-09-07 at 08:41:19 +0200, Christoph Biedl wrote: > Vincent Bernat wrote... > > > One of the package that I maintain (python-asyncssh) makes a DNS request > > during build and expects it to fail. Since Policy 4.9 forbids network > > access (in a rather confusing wording "may not"), I got this serious > > bug: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830568 > > This was my constant fear since the first day I learned about this > policy. While I consider the change the right thing, I'm somewhat > concerned the wording leads to requirements that neither were intended > nor are necessary to reach the goal that I consider the idea behind > it: The behaviour of any network activity must not affect the result > of the build. Where behaviour includes unavailability, and completely > unexpected behaviour like providing bogus data for any kind of > request. The easiest way to enforce this is to disallow network > traffic at all. > > Now the funny question: Does traffic on the loopback interface count > as network access? A daemon started during build to run tests is > certainly okay. What about traffic to other daemons, most prominentely > named? Running "hostname --fqdn" unless this is handled by /etc/hosts > already? Also, I remember a certain package (name withheld) did a > *lot* of DNS traffic in the test suite, so far nobody has shown > concerns about this.
https://bugs.debian.org/813471 Thanks, Guillem