Hacker News

woodruffw, last Thursday at 1:16 PM

Yeah, I think forbidding network access within build systems would be a great default to employ.

(I wouldn’t be surprised to learn that a large number of packages in Python do in fact have legitimate network build-time dependencies. But it would be great to actually be able to quantify this so the situation could be improved.)


Replies

TZubiri, last Thursday at 1:49 PM

Is it really legitimate to have build-time network deps? It just means the full source wasn't published and there's some hidden source being downloaded.
