device policy: disallow devices that require network access #478

Open
achow101 opened this issue Mar 6, 2021 · 4 comments
@achow101
Member

achow101 commented Mar 6, 2021

I don't think that HWI should include any code that involves network access. In the past, changes have been made to libraries to specifically exclude libraries such as requests, even when it isn't being used for network access. We currently remove the bridge transport from trezorlib because it requires requests (although it isn't actually accessing a remote server afaict). And one of the original motivations for including copies of libraries was to remove requests from trezorlib back when it would default to fetching tx data from a server. Additionally, HWI should be able to work on an offline machine without any reduction to its capabilities.

As such, I think we should add to the device support policy that devices must not require network access for them to function. I think we should also mention that, in general, libraries and imports that facilitate network access are not allowed.

Any thoughts or opinions on adding this to the device policy?


The sole exception to HWI working offline and not allowing network access is the firmware update downloader. The PR for that has not yet been merged, but in that PR, the firmware downloader is specifically made a separate binary so that requests is not included nor required by the main HWI binaries.

@instagibbs
Collaborator

I wonder if the updater binary can be generalized into a "will phone home" binary? Not a great UX but then at least usage as a library can be made possible and it's up to users then to make an informed decision.

@instagibbs
Collaborator

bumping this issue now that I'm playing with jade.

requests seems to be installed by poetry, but not by `pip3 install .`. Is this the expected installation flow?

@prusnak
Collaborator

prusnak commented Oct 17, 2022

With poetry, requests is installed via sphinx as its dependency.

Since setup.py does not mention sphinx, it also does not install requests.

@instagibbs
Collaborator

sure, I suppose I meant is this the intended flow, prescriptively
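
An added example, not part of the issue thread and not HWI's own code: one way a project could enforce the proposed "no imports that facilitate network access" rule in CI, by walking each source file's AST and reporting denylisted imports, including literal-string dynamic imports. The denylist beyond `requests` (the only library the issue names), the function names and the sample source are assumptions constructed for illustration.

```python
import ast

# Assumed denylist: the issue names only `requests`; the others are illustrative.
NETWORK_MODULES = {"requests", "urllib", "urllib3", "http", "socket", "httpx", "aiohttp"}

def _dynamic_import_target(call):
    """Module name passed as a string literal to __import__/import_module, if any."""
    f = call.func
    fname = f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)
    if fname in ("__import__", "import_module") and call.args:
        arg = call.args[0]
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            return [arg.value]
    return []

def network_imports(source, filename="<constructed>"):
    """Return sorted (line, module) pairs for imports of denylisted modules."""
    hits = set()
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            # level > 0 is a relative import of the package's own code; skip it
            names = [node.module] if node.level == 0 and node.module else []
        elif isinstance(node, ast.Call):
            names = _dynamic_import_target(node)
        else:
            continue
        hits.update((node.lineno, n) for n in names
                    if n.split(".")[0] in NETWORK_MODULES)
    return sorted(hits)

# Constructed sample source, not taken from HWI.
SAMPLE = '''\
import hid
import urllib.request
from requests import Session
from . import http
try:
    import socket
except ImportError:
    socket = None
mod = __import__("requests")
'''

if __name__ == "__main__":
    for line, module in network_imports(SAMPLE):
        print(f"line {line}: imports {module}")
```

A static scan like this cannot see module names built at run time, so it complements keeping the library out of the packaged dependencies rather than replacing it.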
