You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To help developers gain confidence in what is changing, we should automatically run diffoscope on new packages.
How will this impact SecureDrop developers?
Historically our package build tooling has had a lot of moving parts and been quite...fragile. This led developers to not have a lot of confidence in the resulting package, so post-build tests to verify files were included and config was applied correctly were written, plus a pretty intensive manual QA process.
diffoscope enables us to diff different package versions and see exactly what changed, which should give us more confidence that things we didn't want to change stayed the same!
There are some options here, we could run diffoscope on each commit/PR, we could run it on package updates to the securedrop-apt-test/prod repos, maybe both.
The text was updated successfully, but these errors were encountered:
Description
To help developers gain confidence in what is changing, we should automatically run diffoscope on new packages.
How will this impact SecureDrop developers?
Historically our package build tooling has had a lot of moving parts and been quite...fragile. This led developers to not have a lot of confidence in the resulting package, so post-build tests to verify files were included and config was applied correctly were written, plus a pretty intensive manual QA process.
diffoscope enables us to diff different package versions and see exactly what changed, which should give us more confidence that things we didn't want to change stayed the same!
There are some options here, we could run diffoscope on each commit/PR, we could run it on package updates to the securedrop-apt-test/prod repos, maybe both.
The text was updated successfully, but these errors were encountered: