Release version 1.5.0 #46
Conversation
quad
commented
Apr 1, 2024
•
quad
commented
- Bump version to 1.5.0 and update changelog
|
@matklad |
|
🤣 to be fair, publicly announcing you as a co-maintainer on lobste.rs and on zulip was how I protected myself in this case. You seem real enough to me, so just tying your name to the thing is enough of a safeguard for me :-) I didn't ask you about your opsec stance, but mine isn't super principled either, so that's the risk anyone depending on expect-test gets! Furthermore, all my stuff is published by CI, which at least closes of tarball tampering attacks! |
🫠
I hope our Real-Name Policy works! 🤞
My GH creds are in a 1Password. My SSH keys are in a secure element. Honestly, my email is probably needs a good security review. 😅
At least we'll have a history of hax! Let's avoid committing binary blobs. 🤝 |
|
@matklad Well, look at that. GHA won't give builds I kick off access to the token anyway! SO SECURE 🔐 |
|
I believe @matklad revoked all their (unscoped) crates.io tokens last year when scoped crates.io tokens were introduced: https://rust-lang.zulipchat.com/#narrow/stream/185405-t-compiler.2Frust-analyzer/topic/PSA.3A.20I.20revoked.20my.20tokens. This repo likely never had a new scoped token assigned. |
|
If matklad can give the https://github.com/orgs/rust-analyzer/teams/rust-analyzer team ownership on crates.io I can put up a token |
|
added github:rust-analyzer:rust-analyzer as it seems more principled, but we probably should retire the review team then. |
|
Deleted the review team, as the actual teams are managed by the rust teams repo nowadays (will keep triage as it won't hurt having that around still). Publish was successful now https://github.com/rust-analyzer/expect-test/actions/runs/8523826046 |
