开发者

Questions reguarding keeping a NuGet Package Private

Our development team is starting to run into vertical dependency issues. I've been on teams that used Ivy to deal with this, but NuGet seems to be a far superior solution for Visual Studio 2010 / C#.

What scares me about NuGet is it makes it so开发者_如何学运维 easy to publish to the global feed. If this happens accidentally, at best, I am going to get fired. At worst . . .

I am hoping someone can vet the following plan and tell me if I'm opening myself up to a disaster. Also, any advice to improve the workflow would be appreciated.

  1. I am under the assumption, that if I never use the "push" command, and/or I never enter an API Key, NuGet cannot publish to the public repository. Is this true?

  2. I will install a Package feed on our private intranet, where the package feed is created as described here: http://haacked.com/archive/2011/03/31/hosting-simple-nuget-package-feed.aspx

  3. I will alter our CruiseControl/TeamCity builds to generate a new .nupkg file on every build, and push them to the ~packages directory.

  4. Team members will be forced to install the NuGet plugin, and point it towards the private repository.


I am under the assumption, that if I never use the "push" command, and/or I never enter an API Key, NuGet cannot publish to the public repository. Is this true?

If you don't enter an API key you are 100% safe. You can type push all day long and it won't do a thing.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜