I’m in the beginning of starting a small open source project. When cloning the main repository one gets a complete build environment with all the libraries and all the tools needed to make an official installer file, with correct version numbers.
I like the fact that anyone who wants to contribute can clone the repository and get started with anything they want. But I’m thinking this makes it too easy for Evil People to create malicious installers and release them into the wild.
How should it be structured? What do you recommend including in the repository, versus keeping on the build server only?
What you seem to be looking for is a directory layout. You tagged your question language-agnostic, but it does depend on the language(s)/framework/build tool you want to use. To give you some examples
It won’t stop Evil People from doing evil things, but it will help your potential contributors.