On Sat, 3 Sep 2016, Vincent Bernat wrote: > [...] information leak [...]
This is not just a privacy issue but also a reproducibility issue. It is bad that a package leaks information to the external world, but it is even worse, I would say, that information from the outside world is being used in any way by the package during the build. If we allow packages to communicate with the external world during the build, then a sentence like "this is the source for this binary package" becomes completely meaningless, as the source package stops being all you need to build the package. I would try explaining that to upstream. Thanks. _______________________________________________ Python-modules-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
