[pkg-go] Bug#830209: Bugs: "accesses the internet during build" -- strongly disagree on severity

Dmitry Smirnov onlyjob at debian.org
Wed Jul 13 06:50:25 UTC 2016


On Tuesday, 12 July 2016 11:25:00 AM AEST Chris Lamb wrote:
> > I was under impression that build servers do not allow internet access.
> 
> They generally do.

That certainly makes those bugs more important but also reveals a more 
serious problem. Is there anything you can do to restrict or limit internet 
access on buildd servers?

We should not trust build script not to access internet. Even pbuilder limits 
network access and build servers should do it as well.

Besides I've just disabled networking test in "franela-goreq" and it was not 
even trying to access internet -- the particular test in question was 
accessing unrouteable 10.255.255.1 from private subnet to test timeout --
IMHO not much of a threat even on unrestricted build servers to justify 
severity "serious" unless we follow the policy to the letter...

-- 
Best wishes,
 Dmitry Smirnov.

---

If liberty means anything at all, it means the right to tell people what
they do not want to hear.
        -- George Orwell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-go-maintainers/attachments/20160713/a4d63937/attachment.sig>


More information about the Pkg-go-maintainers mailing list