Kunal Mehta

I think the `run_command` function can be replaced entirely with `subprocess.check_call()`.

@KartikeyDubeyKD done, let us know if you have any questions/issues!

> Con: Screenshots would have to live in this repository. Is it possible to point weblate to the docs repo, where many/some of the screenshots already exist?

My concern actually isn't the duplication, it's that we're going to be adding more binary assets to the SD repo adds up when cloning on Tails, etc. (And they live...

But also +1 to getting rid of upload-screenshots and using weblate functionality instead, its one of those weird things that requires special casing (e.g. in securedrop/debian/rules)

Fixing the package name to include the Debian revision seems straightforward. I think we just need to throw in a "-1" in https://github.com/freedomofpress/kernel-builder/blob/main/scripts/mkdebian#L89 This wouldn't take care of existing kernel...

@eloquence shared the list of kernels installed on their long-running instance, which confirmed that this has always been an issue and not a recent regression. It's just that we didn't...

May have overcomplicated things :/ If we set `Unattended-Upgrade::Remove-Unused-Dependencies "true";` then it'll just run the equivalent of `apt-get autoremove`, which ends up like: ``` Option --dry-run given, *not* performing real...

The new plan is that we will set `Unattended-Upgrade::Remove-Unused-Dependencies "true";` in the 2.6.0 SecureDrop server release. However, this will cause all old kernels to be removed immediately, and we want...

For step 1, it actually wasn't that terrible to manually build securedrop-grsec as I wanted. Here's the git diff in the kernel-builder repository (the commenting out of the various make...