开发者

How to organize release management to prevent from random package overwriting?

开发者 https://www.devze.com 2023-04-10 16:09 出处:网络
Currently we upload all build artifacts to corporate ftp. Login/password was hardcoded in build scripts. Anyone can replace content on FTP so any dependent project get damaged libs...

Currently we upload all build artifacts to corporate ftp. Login/password was hardcoded in build scripts. Anyone can replace content on FTP so any dependent project get damaged libs...

I look for software solutions which allow easy right management and data int开发者_运维知识库egrity.

Currently I have some suggestions:

  • Sign packages, all dependent package verify signature (this is complicated, what tools to use, GPG? how about GNU Make/ANT support for signing/verifying?)
  • Allow upload to release storage only from build machine (through WEB-interface you force the build).


Why do you not use systems like Maven? It has good multiversion mechanism and all stuffs what you want

0

精彩评论

暂无评论...
验证码 换一张
取 消