Page MenuHomePhabricator

port Whonix package build process to Qubes package build process
Open, NormalPublic

Description

That would help with automation. More frequent updates. Then git tag signing, deterministic builds and release quality assurance would be sorted out.


Motivation:

All packages not coming from Debian like Tor Browser (not packaged at all) and Tor (newer versions from deb.torproject.org) is a major non-fun hassle maintenance burden.

  • watch upstream package updates
  • upload to developers repository
  • test
  • upload to testers repository
  • have testers test it
  • upload to proposed-stable repository
  • have testers test it
  • upload to stable repository

Since all of this needs mental resources, time, remembering things, and cannot be done in connected working hours (since time has to pass), it's a major hassle.

Most of the time, no issues are caught. But if there was an issue, it could be huge, such as:

  • Tor no longer connecting, requesting all users to apply manual steps to solve it
  • apt-get package management is broken dependency state

Details

Impact
Normal

Event Timeline

Patrick created this task.Jul 23 2017, 6:22 PM
iry added a subscriber: iry.Aug 16 2017, 4:53 PM
Patrick updated the task description. (Show Details)Feb 18 2018, 2:11 PM