On Sat, Mar 30, 2024 at 10:49:33AM +0200, Jonathan Carter wrote:
> Another big question for me is whether I should really still
> package/upload/etc from an unstable machine. It seems that it may be prudent
> to consider it best practice to work from stable machines where any private
> keys are involved. For me it's just been so convenient to use unstable
> because it helps track changes that affect my users by the time it hits
> stable and also find bugs early that I care about, but perhaps I just need
> to make that adjustment and find more efficient ways to track unstable
> (perhaps on additional machines / VMs / etc). Not sure how other DDs think
> about this, but I'm also curious how they will deal with this, because
> there's near to no filter between unstable and the outside world, and this
> is probably not the last time someone will try something like this.

For me it's simple: if I'm forced to run my tools not on the host but in some kind of inconvenient VM/chroot/whatever, I'll just stop contributing. I'm not even discussing any of those proper Debian setups with keys on separate airgapped machines, that's just not funny.

--
WBR, wRAR