On Mon, May 20, 2013 at 11:29 PM, Noah Slater <[email protected]> wrote: > My concern is that when you use wildcards, a malicious (or broken) program > could add files to the output that are then bundled up, and we end up > shipping them in a release. At the moment, every file that we ship has been > explcitly included. Having said that, my release procedure is now > sufficiently advanced that I can detect missing/extra files, as well as > "surprising" content. So I am not sure I need to be as vigilant about this > as I used to be...
Your release procedure being advanced sounds like bus factor danger; is all of that in the admin-repo, or available somewhere else? I could see myself doing some release management to lighten some of your load. > With that in mind, I'd say: do whatever you think is best. I'll wait a bit for Benoit's build system refactor to land. Cheers, Dirkjan
