Hi! On Sat, 30 Mar 2024 at 14:32, Andrey Rakhmatullin <w...@debian.org> wrote: > On Sat, Mar 30, 2024 at 10:49:33AM +0200, Jonathan Carter wrote: > > Another big question for me is whether I should really still > > package/upload/etc from an unstable machine. It seems that it may be prudent > > to consider it best practice to work from stable machines where any private > > keys are involved. For me it's just been so convenient to use unstable > > because it helps track changes that affect my users by the time it hits > > stable and also find bugs early that I care about, but perhaps I just need > > to make that adjustment and find more efficient ways to track unstable > > (perhaps on additional machines / VMs / etc). Not sure how other DDs think > > about this, but I'm also curious how they will deal with this, because > > there's near to no filter between unstable and the outside world, and this > > is probably not the last time someone will try something like this. > For me it's simple: if I'm forced to run my tools not on the host but in > some kind of inconvenient VM/chroot/whatever, I'll just stop contributing.
I am doing all my builds inside a (Podman) container with the sources loop-mounted. Thus I can use git and visual code editor directly on sources with full access, but when the build runs, it is fully inside a container that has no host access nor even network access. To achieve this I wrote a tool which you might want to check out: https://salsa.debian.org/otto/debcraft
