Followup-For: Bug #1017941

A similar case is src:nvda2speechd (#1021390) and the solution there was
to move the package to non-free.

Adrian Bunk wrote to #1021390:
> AFAIK accessing the network from the buildds is simply forbidden.
>
> And what your package does is even worse:
> It executes a script downloaded from the internet,
> compromising the security of the buildds.
>
> Whoever controls sh.rustup.rs could for example provide a special 
> version of the script for Debian buildds that tries to find and
> upload the private keys used on the buildds.

I don't know whether greenbone-security-assistant executes untrusted
code on the buildd, but ...

Adrian Bunk later wrote to #1021390:
> I think in its current state the package is anyway non-free since it 
> does not fulfill the DFSG for the contents it ships in its binary
> packages.

And I think that's a very valid point as well as the package not being
autobuildable.

You should explicitly mark it as XS-AutoBuild: no.


Andreas
