[Python-modules-team] Bug#830568: python-asyncssh: accesses the internet during build

Vincent Bernat bernat at debian.org
Sun Sep 4 05:31:07 UTC 2016


 ❦  4 September 2016 01:03 CEST, Santiago Vila <sanvila at unex.es>:

>> [...] information leak [...]
>
> This is not just a privacy issue but also a reproducibility issue.
>
> It is bad that a package leaks information to the external world,
> but it is even worse, I would say, that information from the outside
> world is being used in any way by the package during the build.
>
> If we allow packages to communicate with the external world during the
> build, then a sentence like "this is the source for this binary package"
> becomes completely meaningless, as the source package stops being all
> you need to build the package.

In this case, there is no reproducibility issue. The worst that can
happen is for the unit tests to fail if you have a host called "fail" on
your network. Something that is plausible but should stay quite rare.

I am totally OK with the general rule that a package must build without
having access to the network. This is the case with python-asyncssh. It
builds fine without access to the network.
-- 
Make your program read from top to bottom.
            - The Elements of Programming Style (Kernighan & Plauger)