• Re: Bug#1068197: debian-installer: accesses the internet during build

    From Bastian Blank@21:1/5 to Jonathan Carter on Sat Apr 6 09:50:15 2024
    On Mon, Apr 01, 2024 at 07:39:18PM +0200, Jonathan Carter wrote:
    > As far as I know, this doesn't happen until after d-i asked the question
    > "Do you want to use a network mirror?" and the user answered "Yes", in
    > which case I think that would count as informed consent.

    During build, not during usage.

    And I don't see how it can work any different, as d-i build works by
    fetching packages somehow.

    Bastian

    --
    Killing is stupid; useless!
    -- McCoy, "A Private Little War", stardate 4211.8

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Aurelien Jarno@21:1/5 to All on Sat Apr 6 09:50:35 2024
    XPost: linux.debian.bugs.dist

    Source: debian-installer
    Severity: serious
    Justification: Policy 4.9
    X-Debbugs-Cc: dsa@debian.org, wb-team@buildd.debian.org
    Control: affects -1 buildd.debian.org

    Hi,

    debian-installer attempts network access during build, although only to
    the mirrors listed in /etc/apt/sources.list and in a secure way. This is
    forbidden by Policy 4.9:

    For packages in the main archive, required targets must not attempt
    network access, except, via the loopback interface, to services on the
    build host that have been started by the build.

    In addition this brings constraints to the build daemons infrastructure.

    Regards,
    Aurelien

  • From Jonathan Carter@21:1/5 to Aurelien Jarno on Sat Apr 6 09:51:08 2024
    On 2024/04/01 18:55, Aurelien Jarno wrote:
    > debian-installer attempts network access during build, although only to
    > the mirrors listed in /etc/apt/sources.list and in a secure way. This is
    > forbidden by Policy 4.9:
    >
    > For packages in the main archive, required targets must not attempt
    > network access, except, via the loopback interface, to services on the
    > build host that have been started by the build.
    >
    > In addition this brings constraints to the build daemons infrastructure.

    As far as I know, this doesn't happen until after d-i asked the question
    "Do you want to use a network mirror?" and the user answered "Yes", in
    which case I think that would count as informed consent.

    -Jonathan

  • From Sven Joachim@21:1/5 to Jonathan Carter on Sat Apr 6 09:51:43 2024
    On 2024-04-01 19:39 +0200, Jonathan Carter wrote:

    > On 2024/04/01 18:55, Aurelien Jarno wrote:
    >> debian-installer attempts network access during build, although only to
    >> the mirrors listed in /etc/apt/sources.list and in a secure way. This is
    >> forbidden by Policy 4.9:
    >> For packages in the main archive, required targets must not attempt
    >> network access, except, via the loopback interface, to services on the
    >> build host that have been started by the build.
    >> In addition this brings constraints to the build daemons infrastructure.
    >
    > As far as I know, this doesn't happen until after d-i asked the
    > question "Do you want to use a network mirror?" and the user answered
    > "Yes", in which case I think that would count as informed consent.

    There seems to be a misunderstanding, Aurelien was talking about the
    debian-installer source package, not about installation media. Building
    .debs from source packages does not ask for consent ;-).

    Cheers,
    Sven
