On 2018-06-13, Dominik Psenner wrote: > That is possible. I restricted access to the github token to the log4net > build job only. Stefan, would you like to try whether you can gain access > to that token? I can guide you to where you can find it off-list.
Sorry, still travelling. Even if I don't manage to see the token, it is only going to prove to me that I'm not skilled enough :-) Personally I'd want to verify the contents of the archive anyway (as part of vetting the relase) and don't see any problem with signing them offline on my own machine at that point in time (or anybody else of us doing so). To me signing and uploading the ZIPs to dist.a.o doesn't have to be automated, YMMV. Stefan
