On 2018-06-18, Dominik Psenner wrote:
> On Mon, 18 Jun 2018, 09:12 Stefan Bodewig, wrote:
>> Do you know how to create the oldkeys binaries? Or will we just no
>> longer provide them (I could live with that).
> I have no idea, yet. :-) people had a long time to adapt to newkey
> binaries. If t
On Mon, 18 Jun 2018, 09:12 Stefan Bodewig, wrote:
> On 2018-06-17, Dominik Psenner wrote:
>
> > Am Fr., 15. Juni 2018 um 10:53 Uhr schrieb Stefan Bodewig <
> > bode...@apache.org>:
>
> >> On 2018-06-13, Dominik Psenner wrote:
>
> >>> That is possible. I restricted access to the github token to th
On 2018-06-17, Dominik Psenner wrote:
> Am Fr., 15. Juni 2018 um 10:53 Uhr schrieb Stefan Bodewig <
> bode...@apache.org>:
>> On 2018-06-13, Dominik Psenner wrote:
>>> That is possible. I restricted access to the github token to the log4net
>>> build job only. Stefan, would you like to try wheth
Am Fr., 15. Juni 2018 um 10:53 Uhr schrieb Stefan Bodewig <
bode...@apache.org>:
> On 2018-06-13, Dominik Psenner wrote:
>
> > That is possible. I restricted access to the github token to the log4net
> > build job only. Stefan, would you like to try whether you can gain access
> > to that token? I
On 2018-06-13, Dominik Psenner wrote:
> That is possible. I restricted access to the github token to the log4net
> build job only. Stefan, would you like to try whether you can gain access
> to that token? I can guide you to where you can find it off-list.
Sorry, still travelling. Even if I don't
That is possible. I restricted access to the github token to the log4net
build job only. Stefan, would you like to try whether you can gain access
to that token? I can guide you to where you can find it off-list.
On Wed, 13 Jun 2018, 17:40 Ralph Goers, wrote:
> Jenkins does have a way of storing
Jenkins does have a way of storing credentials. However, I don’t know if there
is a way to limit which jobs can use the credentials.
Ralph
> On Jun 13, 2018, at 6:48 AM, Stefan Bodewig wrote:
>
> On 2018-06-13, Dominik Psenner wrote:
>
>> As far as I can tell, the secrets stored in jenkins.a.
I don’t think that’s possible with vanilla Jenkins. May need to use some
secrets manager on top like Vault. Essentially, anyone with access to
configure jobs can extract stored credentials.
On Wed, Jun 13, 2018 at 09:48, Stefan Bodewig wrote:
> On 2018-06-13, Dominik Psenner wrote:
>
> > As far
On 2018-06-13, Dominik Psenner wrote:
> As far as I can tell, the secrets stored in jenkins.a.o are
> trustworthy. For instance I used a github access token generated from
> my github account that grants jenkins access to the log4net-logging
> repository on github. I am convinced that nobody else
My previous mail was strongly biased by what we should do with the old
key binaries but that is another topic we have to get consensus about.
As far as the gpg signing of the artifacts goes, it will have to stay a
manual process. Just like updating the site and publishing artifacts is
also a m
Yes, I was talking about GPG, totally forgot about other artifact signing.
Even Java supports that despite barely anyone using it. And I’ve created
dedicated GPG keys in the past for continuous deployment to Maven Central,
but not in a public Jenkins instance.
On Wed, Jun 13, 2018 at 06:58, Stefan
[Sorry for the top post]
I think Matt and you are talking about different "signing" processes.
.NET assemblies can be signed (strong named) and for some releases now
we've used a key that is checked into git for one distribution archive
(no credential needed, everything is in git) that is labeled
That's an interesting question to ask. As I see it, ci should produce good
and final artifacts. This means that ci should also sign them in the
pipeline. We can inject required keys and credentials with secret variables
to make it work. These credentials are then only accessible to whoever has
acce
Will you be signing and uploading them locally or via Jenkins?
On Tue, Jun 12, 2018 at 10:05, Dominik Psenner wrote:
> Hi,
>
> our CI is ready to supply us with binaries along with the log4net
> website. This will be the first time that binaries from the CI are
> shipped as a release. Therefore
14 matches
Mail list logo