[Python-modules-team] Bug#830568: python-asyncssh: accesses the internet during build

Santiago Vila sanvila at unex.es
Sat Sep 3 23:03:47 UTC 2016


On Sat, 3 Sep 2016, Vincent Bernat wrote:

> [...] information leak [...]

This is not just a privacy issue but also a reproducibility issue.

It is bad that a package leaks information to the external world,
but it is even worse, I would say, that information from the outside
world is being used in any way by the package during the build.

If we allow packages to communicate with the external world during the
build, then a sentence like "this is the source for this binary package"
becomes completely meaningless, as the source package stops being all
you need to build the package.

I would try explaining that to upstream.

Thanks.


