Good... no need to have another key... Simo --- Simone Chiaretta @simonech Sent from a tablet
On 01/dic/2011, at 21:04, Michael Herndon <mhern...@wickedsoftware.net> wrote: > Keep in mind tho that having the token checked in somewhere in the source > repository is not a good idea b/c someone could use it and publish malware > or trojans under your identity. So unless the token is stored outside the > source repository, it's not a good idea to have it in the CI. > > - stored in an ASF private repo. > > the a new key probably needs to be generated and stored in the private ASF > repo as well. > > > The CI build is at builds.apache.org, however its not complete. > > On Thu, Dec 1, 2011 at 2:45 PM, Simone Chiaretta <simone.chiare...@gmail.com >> wrote: > >> Mine below >> >> On Thu, Dec 1, 2011 at 7:28 PM, Michael Herndon < >> mhern...@wickedsoftware.net >>> wrote: >> >>> On Thu, Dec 1, 2011 at 1:04 PM, Simone Chiaretta < >>> simone.chiare...@gmail.com >>>> wrote: >>> >>>> You mean a different impersonal Nuget account? >>>> >>> >>> yes. the goal of the impersonal account was to allow committers to push >>> nuget packages in an automated way without the need of having their own >>> account. there was some preliminary work of building nuget packages using >>> the build scripts. >>> >> >> Sorry, I haven't followed a lot lately: at the end, did we end up using >> teamcity on codebetter or another build system? I remember there were >> discussion on that but don't remember how they ended. >> >> >> >>> >>> there has been talk on various nuget channels about allowing nuget to >> have >>> --pre tag or having a separate build channel. If you're not familiar with >>> gems/bundler, its basically a way to push packages that are not official >>> releases. (nightly, ctp, beta, etc). So in theory the CI could build >>> packages nightly if the build does not fail into a channels. >>> >>> its also helps from an overall branding perspective. >>> >> >> The author that appears on the nuget gallery page can be different from the >> owner that puts the package online. >> >> >>> >>> >>>> From what I've seen also used in MS pkgs devs have their in accounts >> but >>>> pkgs have multiple owners. >>>> >>> >>> If its possible to do so link your account as an owner & prescott's >> account >>> with the impersonal one. >>> >> >> Keep in mind tho that having the token checked in somewhere in the source >> repository is not a good idea b/c someone could use it and publish malware >> or trojans under your identity. So unless the token is stored outside the >> source repository, it's not a good idea to have it in the CI. >> >> One last thing: I notice that the official lib is strongly named... again, >> not a good idea to have the key checked in the source control. I guess now >> someone owns the key for the strong naming and does the signing offline >> from the CI. Is that correct? >> >> >>> >>> >>>> But if you want we can also go with the Lucene.net team account. >>>> Simo >>>> >>>> >>> >> >> >> >> -- >> Simone Chiaretta >> Microsoft MVP ASP.NET - ASPInsider >> Blog: http://codeclimber.net.nz >> RSS: http://feeds2.feedburner.com/codeclimber >> twitter: @simonech >> >> Any sufficiently advanced technology is indistinguishable from magic >> "Life is short, play hard" >>
