[Tails-dev] config/chroot_local-packages in .gitignore?

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: tails-dev
Subject: [Tails-dev] config/chroot_local-packages in .gitignore?
Hi,

since we don't use config/chroot_local-packages anymore but for quick
tests, this directory was added to .gitignore "to prevent packages
from being mistakenly added to the repository". This looks like a very
good reason to do so.

However, it also makes it very easy to build tainted ISO images with
non-standard packages, that were forgotten in this directory, without
noticing: "git status" won't tell you. I guess our diff'ing of the old
and new packages list at release time would catch most, if not all, of
such situations, which mitigates the problem, but I fear this still
can lead to hard to debug situations (what worse than a bug you're the
only one to reproduce, due to something like this?).

All in all, I'm not sure which kind of problem I'd rather avoid.
I would tend to prefer removing this line from .gitignore, and
discussing it again if we mistakenly add packages to Git, but
I'm unsure.

What do you think?

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc