In light of the recent xz backdoor, I was wondering what potential use, if any, there is in shipping test folders in release/production branches. Wouldn't it seem more reasonable to have a separate "dev" branch to hold the test folders?
👤 austin-cheney Accepted Answer ✓
Unrelated. Test automation is not an indicator of insecurity. If the mere presence of tests exposes security vulnerabilities, your product is insecure irrespective of the tests. In these cases, fix the security problems.
I have always shipped test automation in production with my personal software. It allows users to independently validate the health of the product in their own operating conditions and write better, more precise defects.