Skip to content

Commit b4cb7d2

Browse files
mgornymgorny
committed
Add a section on Internet access
1 parent 96058cc commit b4cb7d2

1 file changed

Lines changed: 39 additions & 0 deletions

File tree

source/discussions/downstream-packaging.rst

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -82,3 +82,42 @@ running tests and building wheels) from the unpacked source distribution. This
8282
ensures that the source distribution is actually tested, and reduces the risk
8383
that users installing from it will hit build failures or install an incomplete
8484
package.
85+
86+
87+
.. _Do not use the Internet during the build process:
88+
89+
Do not use the Internet during the build process
90+
------------------------------------------------
91+
Downstream builds are frequently done in sandboxed environments that cannot
92+
access the Internet. Therefore, it is important that your source distribution
93+
includes all the files needed for the package to build or allows provisioning
94+
them externally, and can build successfully without Internet access.
95+
96+
Ideally, it should not even attempt to access the Internet at all, unless
97+
explicitly requested to. If that is not possible to achieve, the next best
98+
thing is to provide an opt-out switch to disable all Internet access, and fail
99+
if some of the required files are missing instead of trying to fetch them. This
100+
could be done e.g. by checking whether a ``NO_NETWORK`` environment variable is
101+
to a non-empty value. Please also remember that if you are fetching remote
102+
resources, you should verify their authenticity, e.g. against a checksum, to
103+
protect against the file being substituted by a malicious party.
104+
105+
Even if downloads are properly authenticated, using the Internet is discouraged
106+
for a number of reasons:
107+
108+
- The Internet connection may be unstable (e.g. poor reception) or suffer from
109+
temporary problems that could cause the downloads to fail or hang.
110+
111+
- The remote resources may become temporarily or even permanently unavailable,
112+
making the build no longer possible. This is especially problematic when
113+
someone needs to build an old package version.
114+
115+
- Accessing remote servers poses a privacy issue and a potential security issue,
116+
as it exposes information about the system building the package.
117+
118+
- The user may be using a service with a limited data plan, in which
119+
uncontrolled Internet access may result in additional charges or other
120+
inconveniences.
121+
122+
Since downstreams frequently also run tests and build documentation, the above
123+
should ideally extend to these processes as well.

0 commit comments

Comments
 (0)