Page MenuHomePhabricator

Consider qubes-whonix-tests package
Closed, WontfixPublic

Description

If we would like to have dev/test code or scripts for the qubes-whonix package, then I would like to establish a policy of isolating them out into an independent package that is not installed by default, but can be optionally installed by users on-demand.

This is for achieving more simple, efficient, clearer security audits of the qubes-whonix package codebase and removing attack surface for 1st and 3rd party apps.

Additional discussion on this in these forum posts...

So, if we would like to include such dev/test code and scripts, I propose we establish a qubes-whonix-tests package for them.

Alternatively, we could just have a policy of leaving them out entirely for qubes-whonix, but I do see their positive uses in software and am not philosophically opposed. Just looking for default isolation of such non-production code/scripts.

Right now, @nrgaway is writing the majority of code for the qubes-whonix package, so if he would like to simply leave them all out for simplicity of not dealing with an additional qubes-whonix-tests package, then I would be okay with that.

Similarly, this isolated "-tests" package principle could be considered for other Whonix packages, but I will let @Patrick and others decide upon these other Whonix packages at this time.

Qubes