On Sun, Oct 08, 2017 at 01:50:30PM +0200, Philipp Kern wrote: > On 10/04/2017 05:50 AM, Sean Whitton wrote: > > On Tue, Oct 03 2017, Jérémy Lal wrote: > >> It might be a good idea to make policy more explicit about downloads > >> during build. > > I'm not sure how it could be more explicit: > > For packages in the main archive, no required targets may attempt > > network access. > > And then again it should allow for network access (including bind(2)) to > localhost.
Yeah, this part should be written more explicitly. >From what I've seen, usual confusion is: * external traffic on port 53 (people sometimes argue DNS "is not network access") * traffic to localhost (127.0.0.0/24, ::1) * link-local Meow! -- ⢀⣴⠾⠻⢶⣦⠀ We domesticated dogs 36000 years ago; together we chased ⣾⠁⢰⠒⠀⣿⡁ animals, hung out and licked or scratched our private parts. ⢿⡄⠘⠷⠚⠋⠀ Cats domesticated us 9500 years ago, and immediately we got ⠈⠳⣄⠀⠀⠀⠀ agriculture, towns then cities. -- whitroth on /.
