On Tue, 19 Mar 2019, Clemens Lang wrote:
There are a couple of static rules (which wouldn't change for this task) and a dynamic component that checks which port installed the file that the installation is trying to access. At the moment, we allow requests if the currently built port depends on the port that provides the file and deny access otherwise.
BTW, the current trace mode is riddled with false positives, so it's nowhere near being usable as authoritative information on dependencies. A lot of them might be explained by incorrect dependency analysis, though some are just silly, like complaining about "/opt".
This is completely orthogonal to performance issues, of course. Fred Wright
