Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release version 1.5.0 #46

Merged
merged 1 commit into from
Apr 2, 2024
Merged

Release version 1.5.0 #46

merged 1 commit into from
Apr 2, 2024

Conversation

quad
Copy link
Collaborator

@quad quad commented Apr 1, 2024

  • Bump version to 1.5.0 and update changelog

@quad quad requested a review from matklad April 1, 2024 12:51
@quad
Copy link
Collaborator Author

quad commented Apr 1, 2024

@matklad xz this week got me feeling like you should stamp this one. 😅

@quad quad self-assigned this Apr 2, 2024
@matklad
Copy link
Member

matklad commented Apr 2, 2024

🤣 to be fair, publicly announcing you as a co-maintainer on lobste.rs and on zulip was how I protected myself in this case.

You seem real enough to me, so just tying your name to the thing is enough of a safeguard for me :-)

I didn't ask you about your opsec stance, but mine isn't super principled either, so that's the risk anyone depending on expect-test gets!

Furthermore, all my stuff is published by CI, which at least closes of tarball tampering attacks!

@quad quad added this pull request to the merge queue Apr 2, 2024
Merged via the queue into master with commit 0eba05e Apr 2, 2024
1 check passed
@quad
Copy link
Collaborator Author

quad commented Apr 2, 2024

🤣 to be fair, publicly announcing you as a co-maintainer on lobste.rs and on zulip was how I protected myself in this case.

🫠

You seem real enough to me, so just tying your name to the thing is enough of a safeguard for me :-)

I hope our Real-Name Policy works! 🤞

I didn't ask you about your opsec stance, but mine isn't super principled either, so that's the risk anyone depending on expect-test gets!

My GH creds are in a 1Password. My SSH keys are in a secure element. Honestly, my email is probably needs a good security review. 😅

Furthermore, all my stuff is published by CI, which at least closes of tarball tampering attacks!

At least we'll have a history of hax! Let's avoid committing binary blobs. 🤝

@quad
Copy link
Collaborator Author

quad commented Apr 2, 2024

@matklad Well, look at that. GHA won't give builds I kick off access to the token anyway!

SO SECURE 🔐

@bjorn3
Copy link

bjorn3 commented Apr 2, 2024

I believe @matklad revoked all their (unscoped) crates.io tokens last year when scoped crates.io tokens were introduced: https://rust-lang.zulipchat.com/#narrow/stream/185405-t-compiler.2Frust-analyzer/topic/PSA.3A.20I.20revoked.20my.20tokens. This repo likely never had a new scoped token assigned.

@Veykril
Copy link
Member

Veykril commented Apr 2, 2024

If matklad can give the https://github.com/orgs/rust-analyzer/teams/rust-analyzer team ownership on crates.io I can put up a token

@matklad
Copy link
Member

matklad commented Apr 2, 2024

@matklad
Copy link
Member

matklad commented Apr 2, 2024

added github:rust-analyzer:rust-analyzer as it seems more principled, but we probably should retire the review team then.

@Veykril
Copy link
Member

Veykril commented Apr 2, 2024

Deleted the review team, as the actual teams are managed by the rust teams repo nowadays (will keep triage as it won't hurt having that around still). Publish was successful now https://github.com/rust-analyzer/expect-test/actions/runs/8523826046

@matklad matklad deleted the ssr/1.5.0 branch April 11, 2024 12:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

4 participants