Re: [Nmock-general] Build script problem

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Wed, 17 Nov 2004 14:38:52 -0600, Levi Khatskevitch
<lkh...@th...> wrote:
>  
> Mike Roberts <mik...@gm...> wrote on 11/17/2004 02:39:59 PM:
>  > Published builds should use a consistent key. 
>  
> I wonder why, is there another reason besides making binding redirection
> possible what's the problem with using one-time keys for releases? (just
> curious) 

Pretty much the above. A public key gives you an identity. I think its
good practice.

> Why not use delay signing, where the public key is widely available and can
> be used for partial signing. 

<snip>

> With delay signing scheme only the person publishing releases would need
> (and have access to) the private key. 

Yes, but where you automatically publish *any* successful build (as is
the case with people using Dev builds off CCNetLive), that person *is*
the build server, so delayed signing makes no sense in this case.

I should add I'm no expert at this stuff, all just my opinion.

-- 
mike roberts | http://mikeroberts.thoughtworks.net/ |
http://www.thoughtworks.com/