[Python-modules-team] Bug#830568: python-asyncssh: accesses the internet during build
Vincent Bernat
bernat at debian.org
Sat Sep 3 15:18:51 UTC 2016
❦ 3 septembre 2016 15:46 CEST, Chris Lamb <lamby at debian.org> :
>> Was this MBF discussed somewhere?
>
> I don't consider it to be a MBF — I haven't been systematically working
> my way through the archive and I've really only filed a handful of bugs;
> mostly quasi-duplicates due to Sphinx stuff (which is arguably more a
> QA thing than to do with violation of any policy).
Well, that's a lot of bugs, so it should have been discussed. But
whatever, I was just asking to not repeat something already discussed.
The policy says "may not". I am not a native speaker, but for me, this
is not like "must not". Since you are a native speaker, I think you know
better: is it optional or not?
While I understand why the policy says no network access, in the case of
python-asyncssh, the network access is to access a non-existing host
From a DNS point of view. It's something that would be far more complex
to setup a DNS in the chroot and LD_PRELOAD something to ensure it is
used in place of the regular resolver part. Not running the test would
just reduce the test coverage. If upstream wrote this test, I suppose it
is useful. If we run tests as part of our build, I suppose this is also
useful. And there is no positive side. Nowadays, we have little risk to
have a package that access the network in a meaningful way during the
build: both pbuilder and sbuild are running in a separate network
namespace and I believe many official builders also have restricted
access. People which are really concerned about information leak during
build should do the same.
Of course, another solution would be to use 127.0.0.1:discard which
would be almost equivalent since the goal of the test seems to be
broader than just DNS failures.
What do you think?
--
Use uniform input formats.
- The Elements of Programming Style (Kernighan & Plauger)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 800 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20160903/9da3c2a1/attachment.sig>
More information about the Python-modules-team
mailing list