Bug#1037064: maven-verifier depends on downloading sources at build time
gregor herrmann
gregoa at debian.org
Sat Jun 3 11:58:17 BST 2023
On Fri, 02 Jun 2023 21:40:10 -0700, Steve Langasek wrote:
> While this is not a build failure, it does mean building the package has a
> dependency on software outside of main, which I believe is a serious policy
> violation.
The network access during build is a policy violation in itself:
4.9
…
For packages in the main archive, required targets must not
attempt network access, except, via the loopback interface, to
services on the build host that have been started by the build.
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: Digital Signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20230603/c1aa5acf/attachment.sig>
More information about the pkg-java-maintainers
mailing list