[pkg-go] Bug#830678: Bugs: "accesses the internet during build" -- strongly disagree on severity
Chris Lamb
lamby at debian.org
Mon Jul 11 07:59:58 UTC 2016
Dmitry wrote:
> post-build tests attempt to access internet which is relatively
> harmless in this context.
I guess our differences on this issue are three-fold:
Firstly, network access is not harmless in that it, at the very least, it
leaks the privacy of the developer building something failing some variation
of the DFSG "dissident" test.
(Furthermore, network access can naturally lead to vulnerabilities, although
I'm not claiming that any of the CC'd packages are doing so, am speaking
only to the principle.)
Secondly, retaining such tests provide little value as checks of the
correct functioning of the package given that the package does not FTBFS if
network access is restricted entirely.
In this sense, they engender a false sense of security about the correct
working of the package which is, again, not harmless from a quality assurance
point of view.
Lastly, they aren't really "post-build" as you suggest - they are surely an
integral part of build.
I really don't like to be a stickler for quoting Policy (and using that as a
blunt and inflexible instrument of change/agenda), but I guess that redefining
tests as "post-build" does have the sneaky advantage in that they aren't simple
obvious violations of the paragraph in question. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby at debian.org / chris-lamb.co.uk
`-
More information about the Pkg-go-maintainers
mailing list