[pkg-go] Bug#830209: Bugs: "accesses the internet during build" -- strongly disagree on severity
Dmitry Smirnov
onlyjob at debian.org
Tue Jul 12 09:14:11 UTC 2016
On Tuesday, 12 July 2016 9:45:04 AM AEST Chris Lamb wrote:
> Dmitry wrote:
> > To me it looks more like bureaucratic exercise is enforcing policy
>
> This was not my intention and I have already gone out of my way to avoid
> such an impression so I apologise if I could have made this clearer.
No that's all right, you have nothing to apologize for. :)
> I would believe these bugs to be serious, even if Policy was silent on this
> issue.
I'd say they are serious-ish (in a technical sense) and surely worth fixing
yet I still see them as less serious than build failures. I recognize
importance of fixing 'em but I can't treat 'em as a matter of urgency like
severity "serious" suggests.
> > Yes, _optional_ part of the build. ;) We don't have to run 'em but we
> > want to.
>
> You say "yes", but then you directly counter my point - they are an
> integral part of the build and upstream. Whilst you can disable the
> running of tests, that's something one must go out of the way to do so.
I was merely trying to provide some context.
> Quality is not something "we kinda want" in Debian and nor should we
> conflate the orthogonal ideas of severity and priority - using words like
> "rush" make me more than a little nervous.
Personally I feel uncomfortable when I receive bug that user submits with
higher severity than necessary. Everybody wants their bugs fixed ASAP and
surely from submitter prospective it is important to prioritize their bugs
because they are affected.
Who is the victim here? Build system? Maintainer? It is hard to say who
suffers the most from those bugs that you reported. Whist I strive for
perfection I also need to make the job done. Those bugs will be fixed as soon
as I can (unless team will do it before me) but not sooner than I intend to
address bugs that holding someone from doing something...
IMHO bug's severity should help maintainer to prioritise properly.
> I don't follow what you mean by "build environment is offline", and your
> analogy does not seem to apply as the attempts are not futile..
I was under impression that build servers do not allow internet access.
If build scripts can access WWW from buildd servers then it would be a much
more serious bug.
Surely there is corner case of "dpkg-buildpackage" that can be vulnerable to
network access during build but even "pbuilder" successfully prevent attempts
to access network.
Even build logs suggest that packages attempt to access network but fail.
I would be much more concerned about the issue if I knew that build
environment allows internet access.
--
All the best,
Dmitry Smirnov.
---
Criticism may not be agreeable, but it is necessary. It fulfils the same
function as pain in the human body. It calls attention to an unhealthy
state of things.
-- Winston Churchill
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-go-maintainers/attachments/20160712/ef82929d/attachment.sig>
More information about the Pkg-go-maintainers
mailing list