Re: Network access during build

On 09/13/2016 12:56 AM, Thomas Goirand wrote:
> On 09/09/2016 09:53 PM, Russ Allbery wrote:
>> Furthermore, we're talking about upstream test behavior here, and I don't
>> think this argument passes the sniff test for conversations with upstream.
>> We already have enough issues with upstream over licensing, where we've
>> decided that our very aggressive stance is worth the effort.  Please let's
>> not pick fights that *aren't* worth the effort and will cause upstream to
>> look at us like we're paranoid nit-pickers.  This sort of thing is really
>> bad for cooperation with other projects.
> I very much agree here. I've had hard time convincing some upstream that
> these minified JS were non-free. Now, if I have to tell them how to
> write their unit test, they will just tell me to not run them...
>
>

A bit off-on-topic but bare with me.

Lets say some upstreams are paid to work on software that is (by
Debian community) in Debian archive. Also lets assume that majority do
it just for fun or in their free time.

Now I really do believe that majority of our choices are Freedom
respecting and also good technical choices. And we choose to stand by
that with our Social Contract. And this is why are we here, but we
can't take our choices to anyone else by "force".

In this particular case, we have (imho) a good decision to not allow
network access during the build but that is for sound choice for
Debian and maybe not for upstream for whatever reason (lack of time,
not fun, doesn't see it as great decision). So the "pain" of disabling
network access during build must fall on us. We choose it that
way. Again, it is Social Contract. And Debian Policy. And  our care
for users freedom, privacy, security. So, my solution to this would be
to first politely talk to our upstream and have a statement (that we
all together would make it as generic letter for outreach to our
upstreams) why they  should change tests and if we can help them. Who
know, maybe they even accept. If they don't, we just disable those
tests or all tests.

Now, if we are actually considered and like tests (as I think we
should) we should also do something about it. But lets do if for fun,
lets make it fun and now *just* another set of rules that we *must*
comply to or otherwise Mr.Lintian will scream on us and our builds
will fail. Can we have a build machine that will run tests of every
single package without having the rule of "network must be disabled"
so we personally see it passes or fails even without interfering the
build process - what engineering cost would it take to still have it
and make it fun for us? Or some other solution (scripts to fix this
issues, scripts to find and isolate all network tests etc).

Why am I writing all this - it appears to me that we are trying hard
to make it all correct in our world view. And that is awesome. But I
also feel that we are loosing too much energy on this and this is not
sustainable long term, nor fun. We must still do what we do, and we do
it for a good reason but we must transform our way of approaching such
deals that we end up having fun discussions and trying to find
collaborative fun solutions to it. Hackers. We will have hundreds more
of such decisions and discussion and if we don't want to take 10 years
of our lives on this kind of debates that go on and on and we
obviously see cracks appearing all over FLOSS ecosystem - we must
transform. We are enough big to make such decisions and changes, lets
just make more feasible for us all and maybe even upstream will be
more happy to follow us.

My 0b10 cents,

zlatan