Bug#830568: python-asyncssh: accesses the internet during build
❦ 9 juillet 2016 15:26 CEST, Chris Lamb : > Source: python-asyncssh > Version: 1.5.6-1 > Severity: serious > Justification: Policy 4.9 > User: la...@debian.org > Usertags: network-access > > Dear Maintainer, > > Whilst python-asyncssh builds successfully on unstable/amd64, according to > Debian Policy 4.9 packages may not attempt network access during > a build. > > 00:00:00.00 IP f8fc55487205.58764 > dnscache.uct.ac.za.domain: 33265+ > A? fail.uct.ac.za. (32) > 00:00:00.46 IP f8fc55487205.58764 > dnscache.uct.ac.za.domain: 12531+ > ? fail.uct.ac.za. (32) > 00:00:00.001320 IP dnscache.uct.ac.za.domain > f8fc55487205.58764: 33265 > NXDomain* 0/1/0 (86) > 00:00:00.001523 IP dnscache.uct.ac.za.domain > f8fc55487205.58764: 12531 > NXDomain* 0/1/0 (86) > 00:00:00.001604 IP f8fc55487205.47627 > dnscache.uct.ac.za.domain: 56301+ > A? fail.chris-lamb.co.uk. (39) > 00:00:00.001620 IP f8fc55487205.47627 > dnscache.uct.ac.za.domain: 35318+ > ? fail.chris-lamb.co.uk. (39) > > [..] > > The full build log (including tcpdump output) is attached. Hey! Was this MBF discussed somewhere? I am dubious about this bug and think it should have been discussed on debian-devel@ (but I may have missed the thread). -- Don't comment bad code - rewrite it. - The Elements of Programming Style (Kernighan & Plauger) signature.asc Description: PGP signature
Bug#830568: python-asyncssh: accesses the internet during build
Hi Vincent, > Was this MBF discussed somewhere? I don't consider it to be a MBF — I haven't been systematically working my way through the archive and I've really only filed a handful of bugs; mostly quasi-duplicates due to Sphinx stuff (which is arguably more a QA thing than to do with violation of any policy). Hope that helps. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#830568: python-asyncssh: accesses the internet during build
❦ 3 septembre 2016 15:46 CEST, Chris Lamb : >> Was this MBF discussed somewhere? > > I don't consider it to be a MBF — I haven't been systematically working > my way through the archive and I've really only filed a handful of bugs; > mostly quasi-duplicates due to Sphinx stuff (which is arguably more a > QA thing than to do with violation of any policy). Well, that's a lot of bugs, so it should have been discussed. But whatever, I was just asking to not repeat something already discussed. The policy says "may not". I am not a native speaker, but for me, this is not like "must not". Since you are a native speaker, I think you know better: is it optional or not? While I understand why the policy says no network access, in the case of python-asyncssh, the network access is to access a non-existing host From a DNS point of view. It's something that would be far more complex to setup a DNS in the chroot and LD_PRELOAD something to ensure it is used in place of the regular resolver part. Not running the test would just reduce the test coverage. If upstream wrote this test, I suppose it is useful. If we run tests as part of our build, I suppose this is also useful. And there is no positive side. Nowadays, we have little risk to have a package that access the network in a meaningful way during the build: both pbuilder and sbuild are running in a separate network namespace and I believe many official builders also have restricted access. People which are really concerned about information leak during build should do the same. Of course, another solution would be to use 127.0.0.1:discard which would be almost equivalent since the goal of the test seems to be broader than just DNS failures. What do you think? -- Use uniform input formats. - The Elements of Programming Style (Kernighan & Plauger) signature.asc Description: PGP signature
Bug#830568: python-asyncssh: accesses the internet during build
Hi Vincent, > The policy says "may not". I am not a native speaker, but for me, this > is not like "must not". Since you are a native speaker, I think you know > better: is it optional or not? May I suggest an alternative approach…? We have two cases here: a) Debian Policy states it is a bug in python-asyncssh. b) Debian Policy does not state it is a bug python-asyncssh. In both cases it would be perfectly legitimate to continue discussing whether it *should* be a bug in python-asyncssh. In other words, tedious haggling over the wording and intention of a document neither of us wrote is unproductive to the goal of improving Debian. So, let's just skip all of that. > People which are really concerned about information leak during > build should do the same. I disagree, when we can easily enforce it for all of our users. > Of course, another solution would be to use 127.0.0.1:discard which > would be almost equivalent since the goal of the test seems to be > broader than just DNS failures. I recommend you disable the test for the "regular" Debian package build and run as many privacy-leaking/slow/etc. tests using autopkgtest. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#830568: python-asyncssh: accesses the internet during build
❦ 3 septembre 2016 21:22 CEST, Chris Lamb : >> The policy says "may not". I am not a native speaker, but for me, this >> is not like "must not". Since you are a native speaker, I think you know >> better: is it optional or not? > > May I suggest an alternative approach…? We have two cases here: > > a) Debian Policy states it is a bug in python-asyncssh. > > b) Debian Policy does not state it is a bug python-asyncssh. > > In both cases it would be perfectly legitimate to continue discussing > whether it *should* be a bug in python-asyncssh. > > In other words, tedious haggling over the wording and intention of a > document neither of us wrote is unproductive to the goal of improving > Debian. So, let's just skip all of that. Well, what you think is productive/improvement, I think this is a waste of time. Let's say I disable the test. Next release, I will have to rebase the patch. Next release, upstream will have added a test, I don't notice it, you'll file another bug, another upload to fix that. Upstream may notice that I am crippling its test suite. I'll have to explain. They may or may not understand. I don't want to do all that. The time I can spend on Debian is limited. If your bug was wishlist, I would just ignore it. It is severity serious and I have to handle it. Maybe it is legitimate. Maybe not. That's why I would have feeled more comfortable if this was discussed on debian-devel@. -- There is a great discovery still to be made in Literature: that of paying literary men by the quantity they do NOT write. signature.asc Description: PGP signature
Bug#830568: python-asyncssh: accesses the internet during build
> If your bug was wishlist, I would just ignore it. It is severity serious > and I have to handle it. Maybe it is legitimate. Maybe not. Oh! I thought we were discussing whether it was a bug at all — hence the time you spent addressing whether privacy leaking is valuable — not the severity of the bug itself. As I probably dislike "bug severity wars" even more than Debian Policy wording debates, free to change it to whatever you feel is appropriate… :) Howevever, it does feel regrettable you readily admit you might completely ignore a bug. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#830568: python-asyncssh: accesses the internet during build
On Sat, 3 Sep 2016, Vincent Bernat wrote: > [...] information leak [...] This is not just a privacy issue but also a reproducibility issue. It is bad that a package leaks information to the external world, but it is even worse, I would say, that information from the outside world is being used in any way by the package during the build. If we allow packages to communicate with the external world during the build, then a sentence like "this is the source for this binary package" becomes completely meaningless, as the source package stops being all you need to build the package. I would try explaining that to upstream. Thanks.
Bug#830568: python-asyncssh: accesses the internet during build
❦ 4 septembre 2016 01:03 CEST, Santiago Vila : >> [...] information leak [...] > > This is not just a privacy issue but also a reproducibility issue. > > It is bad that a package leaks information to the external world, > but it is even worse, I would say, that information from the outside > world is being used in any way by the package during the build. > > If we allow packages to communicate with the external world during the > build, then a sentence like "this is the source for this binary package" > becomes completely meaningless, as the source package stops being all > you need to build the package. In this case, there is no reproducibility issue. The worst that can happen is the unit tests to fail if you have a host called "fail" on your network. Something that is plausible but should stay quite rare. I am totally OK with the general rule that a package must build without having access to the network. This is the case with python-asyncssh. It builds fine without access to the network. -- Make your program read from top to bottom. - The Elements of Programming Style (Kernighan & Plauger) signature.asc Description: PGP signature
Bug#830568: python-asyncssh: accesses the internet during build
❦ 3 septembre 2016 23:37 CEST, Chris Lamb : >> If your bug was wishlist, I would just ignore it. It is severity serious >> and I have to handle it. Maybe it is legitimate. Maybe not. > > Oh! I thought we were discussing whether it was a bug at all — hence the > time you spent addressing whether privacy leaking is valuable — not the > severity of the bug itself. > > As I probably dislike "bug severity wars" even more than Debian Policy > wording debates, free to change it to whatever you feel is appropriate… :) > > Howevever, it does feel regrettable you readily admit you might completely > ignore a bug. This is why I think the issue should be discussed more broadly. I am pretty sure many people will agree with you, but I am also pretty sure some will agree with me. I can start the thread on debian-devel@ if you don't mind. -- Make it clear before you make it faster. - The Elements of Programming Style (Kernighan & Plauger) signature.asc Description: PGP signature
Bug#830568: python-asyncssh: accesses the internet during build
> Santiago Vila wrote: > > > This is not just a privacy issue but also a reproducibility issue. […] > In this case, there is no reproducibility issue. (I agree; this a different issue to the one being discussed in this bug. Obviously, no package build should execute code downloaded from the internet.) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#830568: python-asyncssh: accesses the internet during build
> > Oh! I thought we were discussing whether it was a bug at all […] not the > > severity of the bug itself. > > This is why I think the issue should be discussed more broadly. To be clear, I was referring to that it was regrettable — in general — that you would ignore any bug submitted against any package of yours. I would welcome a discussion on whether this is a bug or not, ie. one that is not haggling over the current intention of Policy. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#830568: python-asyncssh: accesses the internet during build
❦ 4 septembre 2016 10:13 CEST, Chris Lamb : >> > Oh! I thought we were discussing whether it was a bug at all […] not the >> > severity of the bug itself. >> >> This is why I think the issue should be discussed more broadly. > > To be clear, I was referring to that it was regrettable — in general — that > you would ignore any bug submitted against any package of yours. I would ignore that bug as I don't thing fixing it would achieve anything valuable. I would not of course ignore any non-serious bug. I have always fixed the reproducibility issues for example. -- Identify bad input; recover if possible. - The Elements of Programming Style (Kernighan & Plauger) signature.asc Description: PGP signature
Bug#830568: python-asyncssh: accesses the internet during build
Source: python-asyncssh Version: 1.5.6-1 Severity: serious Justification: Policy 4.9 User: la...@debian.org Usertags: network-access Dear Maintainer, Whilst python-asyncssh builds successfully on unstable/amd64, according to Debian Policy 4.9 packages may not attempt network access during a build. 00:00:00.00 IP f8fc55487205.58764 > dnscache.uct.ac.za.domain: 33265+ A? fail.uct.ac.za. (32) 00:00:00.46 IP f8fc55487205.58764 > dnscache.uct.ac.za.domain: 12531+ ? fail.uct.ac.za. (32) 00:00:00.001320 IP dnscache.uct.ac.za.domain > f8fc55487205.58764: 33265 NXDomain* 0/1/0 (86) 00:00:00.001523 IP dnscache.uct.ac.za.domain > f8fc55487205.58764: 12531 NXDomain* 0/1/0 (86) 00:00:00.001604 IP f8fc55487205.47627 > dnscache.uct.ac.za.domain: 56301+ A? fail.chris-lamb.co.uk. (39) 00:00:00.001620 IP f8fc55487205.47627 > dnscache.uct.ac.za.domain: 35318+ ? fail.chris-lamb.co.uk. (39) [..] The full build log (including tcpdump output) is attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- python-asyncssh.1.5.6-1.unstable.amd64.log.txt.gz Description: Binary data
