lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simone Chiaretta <simone.chiare...@gmail.com>
Subject Re: [Lucene.Net] Lucene.net nuget
Date Thu, 01 Dec 2011 20:26:26 GMT
Good... no need to have another key...
Simo

---
Simone Chiaretta
@simonech
Sent from a tablet

On 01/dic/2011, at 21:04, Michael Herndon <mherndon@wickedsoftware.net> wrote:

> Keep in mind tho that having the token checked in somewhere in the source
> repository is not a good idea b/c someone could use it and publish malware
> or trojans under your identity. So unless the token is stored outside the
> source repository, it's not a good idea to have it in the CI.
> 
> -  stored in an ASF private repo.
> 
> the a new key probably needs to be generated and stored in the private ASF
> repo as well.
> 
> 
> The CI build is at builds.apache.org, however its not complete.
> 
> On Thu, Dec 1, 2011 at 2:45 PM, Simone Chiaretta <simone.chiaretta@gmail.com
>> wrote:
> 
>> Mine below
>> 
>> On Thu, Dec 1, 2011 at 7:28 PM, Michael Herndon <
>> mherndon@wickedsoftware.net
>>> wrote:
>> 
>>> On Thu, Dec 1, 2011 at 1:04 PM, Simone Chiaretta <
>>> simone.chiaretta@gmail.com
>>>> wrote:
>>> 
>>>> You mean a different impersonal Nuget account?
>>>> 
>>> 
>>> yes. the goal of the impersonal account was to allow committers to push
>>> nuget packages in an automated way without the need of having their own
>>> account. there was some preliminary work of building nuget packages using
>>> the build scripts.
>>> 
>> 
>> Sorry, I haven't followed a lot lately: at the end, did we end up using
>> teamcity on codebetter or another build system? I remember there were
>> discussion on that but don't remember how they ended.
>> 
>> 
>> 
>>> 
>>> there has been talk on various nuget channels about allowing nuget to
>> have
>>> --pre tag or having a separate build channel. If you're not familiar with
>>> gems/bundler, its basically a way to push packages that are not official
>>> releases. (nightly, ctp, beta, etc).   So in theory the CI could build
>>> packages nightly if the build does not fail into a channels.
>>> 
>>> its also helps from an overall branding perspective.
>>> 
>> 
>> The author that appears on the nuget gallery page can be different from the
>> owner that puts the package online.
>> 
>> 
>>> 
>>> 
>>>> From what I've seen also used in MS pkgs devs have their in accounts
>> but
>>>> pkgs have multiple owners.
>>>> 
>>> 
>>> If its possible to do so link your account as an owner & prescott's
>> account
>>> with the impersonal one.
>>> 
>> 
>> Keep in mind tho that having the token checked in somewhere in the source
>> repository is not a good idea b/c someone could use it and publish malware
>> or trojans under your identity. So unless the token is stored outside the
>> source repository, it's not a good idea to have it in the CI.
>> 
>> One last thing: I notice that the official lib is strongly named... again,
>> not a good idea to have the key checked in the source control. I guess now
>> someone owns the key for the strong naming and does the signing offline
>> from the CI. Is that correct?
>> 
>> 
>>> 
>>> 
>>>> But if you want we can also go with the Lucene.net team account.
>>>> Simo
>>>> 
>>>> 
>>> 
>> 
>> 
>> 
>> --
>> Simone Chiaretta
>> Microsoft MVP ASP.NET - ASPInsider
>> Blog: http://codeclimber.net.nz
>> RSS: http://feeds2.feedburner.com/codeclimber
>> twitter: @simonech
>> 
>> Any sufficiently advanced technology is indistinguishable from magic
>> "Life is short, play hard"
>> 

Mime
View raw message