* Xavier Roche <roch...@httrack.com>, 2014-04-13, 18:47:
> Solution 2: do not depend on the network at all

I would strongly recommend this.

> Solution 3: do not depend too tightly on the network

There are multiple problems with using the network at build time:

1) Security: a MiTM attacker can force your package to FTBFS.

2) Reproducibility: a change in the way the remote server behaves can make your package FTBFS. (Not a nice thing when somebody is trying to make, let's say, a security upload...)

3) Privacy: random third parties shouldn't be notified that I'm building the package, dammit!

4) Economy: some people have download quotas on their Internet connections.

> Maybe an additional protection could be to make tests non-fatal, maybe, but I would have to post-check every single build.

That would fix 1 and 2, but not 3 or 4.

--
Jakub Wilk


--
Archive: https://lists.debian.org/20140413174325.ga9...@jwilk.net