lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simone Chiaretta <>
Subject Re: [Lucene.Net] nuget
Date Thu, 01 Dec 2011 19:45:00 GMT
Mine below

On Thu, Dec 1, 2011 at 7:28 PM, Michael Herndon <
> wrote:

> On Thu, Dec 1, 2011 at 1:04 PM, Simone Chiaretta <
> > wrote:
> > You mean a different impersonal Nuget account?
> >
> yes. the goal of the impersonal account was to allow committers to push
> nuget packages in an automated way without the need of having their own
> account. there was some preliminary work of building nuget packages using
> the build scripts.

Sorry, I haven't followed a lot lately: at the end, did we end up using
teamcity on codebetter or another build system? I remember there were
discussion on that but don't remember how they ended.

> there has been talk on various nuget channels about allowing nuget to have
> --pre tag or having a separate build channel. If you're not familiar with
> gems/bundler, its basically a way to push packages that are not official
> releases. (nightly, ctp, beta, etc).   So in theory the CI could build
> packages nightly if the build does not fail into a channels.
> its also helps from an overall branding perspective.

The author that appears on the nuget gallery page can be different from the
owner that puts the package online.

> > From what I've seen also used in MS pkgs devs have their in accounts but
> > pkgs have multiple owners.
> >
> If its possible to do so link your account as an owner & prescott's account
> with the impersonal one.

Keep in mind tho that having the token checked in somewhere in the source
repository is not a good idea b/c someone could use it and publish malware
or trojans under your identity. So unless the token is stored outside the
source repository, it's not a good idea to have it in the CI.

One last thing: I notice that the official lib is strongly named... again,
not a good idea to have the key checked in the source control. I guess now
someone owns the key for the strong naming and does the signing offline
from the CI. Is that correct?

> > But if you want we can also go with the team account.
> > Simo
> >
> >

Simone Chiaretta
Microsoft MVP ASP.NET - ASPInsider
twitter: @simonech

Any sufficiently advanced technology is indistinguishable from magic
"Life is short, play hard"

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message