From: Mike R. <mik...@gm...> - 2004-11-17 19:40:24

On Wed, 17 Nov 2004 14:26:44 +0530, Owen Rogers <or...@th...> wrote:
> > opening the private key makes assembly spoofing very simple
> true. but how concerned are we with spoofing? this is an open source
> project after all. the key is just a part of the source.

Urrr, no. (Or it shouldn't be). Private keys should be stored *only* on the build server in a (relatively) secure way. Developer builds (i.e. non build-server builds) should use no key, or a 'use once' key. Published builds should use a consistent key.

In fact it's perfectly reasonable to expect your build server to have one key as a machine-wide resource. This is a service we could set up on CCNetLive, and could pass through the key location to the build script as a CruiseControl.NET property.

Mike

--
mike roberts | http://mikeroberts.thoughtworks.net/ | http://www.thoughtworks.com/
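
An added example, not part of the message above and not CruiseControl.NET code: a check a build server could run to fail the build when a strong-name key pair, rather than a public-key-only file, sits in the source tree. It assumes `.snk` files in the standard CryptoAPI RSA blob layout; the function names and the sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

# CryptoAPI BLOBHEADER.bType values
PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07

# Constructed samples: real header bytes, zero padding instead of key material.
SAMPLE_KEYPAIR = bytes.fromhex("0702000000240000") + b"RSA2" + bytes(16)
SAMPLE_PUBLIC = (bytes.fromhex("002400000480000094000000")  # sn -p prefix
                 + bytes.fromhex("0602000000240000") + b"RSA1" + bytes(16))


def _blob_kind(data: bytes) -> str:
    """Classify an RSA key blob from its 8-byte BLOBHEADER and 4-byte magic."""
    if len(data) < 12:
        return "unknown"
    b_type, b_version, _reserved, _alg = struct.unpack_from("<BBHI", data)
    if b_version != 2:
        return "unknown"
    if b_type == PRIVATEKEYBLOB and data[8:12] == b"RSA2":
        return "private"
    if b_type == PUBLICKEYBLOB and data[8:12] == b"RSA1":
        return "public"
    return "unknown"


def classify_snk(data: bytes) -> str:
    """Return 'private' for a full key pair, 'public' for a public-only file."""
    kind = _blob_kind(data)
    if kind == "unknown":
        # Public-only files carry a 12-byte prefix (sig alg, hash alg, length).
        if _blob_kind(data[12:]) == "public":
            return "public"
    return kind


def find_committed_key_pairs(root) -> list:
    """List .snk files under root that contain a private key."""
    hits = []
    for path in sorted(Path(root).rglob("*.snk")):
        if classify_snk(path.read_bytes()) == "private":
            hits.append(path)
    return hits


if __name__ == "__main__":
    import sys
    found = find_committed_key_pairs(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in found:
        print(f"private strong-name key in source tree: {p}")
    sys.exit(1 if found else 0)
```

Run against a checkout, it exits non-zero if any `.snk` holds a private key, while a public-only file used for delay signing passes.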