Comment 4 for bug 1118469

One more tidbit, during step #1 we should also copy the .gitignore just to be sure it's not tampered with in the tarball and thus hiding a compromised file.