Return-Path: Delivered-To: apmail-ant-user-archive@www.apache.org Received: (qmail 27900 invoked from network); 23 May 2006 11:51:35 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 23 May 2006 11:51:35 -0000 Received: (qmail 51299 invoked by uid 500); 23 May 2006 11:51:30 -0000 Delivered-To: apmail-ant-user-archive@ant.apache.org Received: (qmail 51103 invoked by uid 500); 23 May 2006 11:51:29 -0000 Mailing-List: contact user-help@ant.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Ant Users List" Reply-To: "Ant Users List" Delivered-To: mailing list user@ant.apache.org Received: (qmail 51091 invoked by uid 99); 23 May 2006 11:51:29 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 May 2006 04:51:29 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [192.6.10.2] (HELO colossus.hpl.hp.com) (192.6.10.2) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 May 2006 04:51:25 -0700 Received: from localhost (localhost.localdomain [127.0.0.1]) by colossus.hpl.hp.com (Postfix) with ESMTP id 110546BA08 for ; Tue, 23 May 2006 12:51:04 +0100 (BST) Received: from colossus.hpl.hp.com ([127.0.0.1]) by localhost (colossus.hpl.hp.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 20151-04 for ; Tue, 23 May 2006 12:51:03 +0100 (BST) Received: from kropotkin.hpl.hp.com (kropotkin.hpl.hp.com [16.25.191.14]) by colossus.hpl.hp.com (Postfix) with ESMTP id 2ABEE6B9FE for ; Tue, 23 May 2006 12:51:02 +0100 (BST) Received: from localhost (localhost [127.0.0.1]) by kropotkin.hpl.hp.com (Postfix) with ESMTP id 7ED1D78B8 for ; Tue, 23 May 2006 12:51:02 +0100 (BST) Received: from kropotkin.hpl.hp.com ([127.0.0.1]) by localhost (kropotki [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 21126-03-14 for ; Tue, 23 May 2006 12:50:57 +0100 (BST) Received: from timmay.hpl.hp.com (timmay.hpl.hp.com [16.25.171.20]) by kropotkin.hpl.hp.com (Postfix) with ESMTP id C175B75F4 for ; Tue, 23 May 2006 12:50:57 +0100 (BST) Received: from [16.25.171.182] (chamonix.hpl.hp.com [16.25.171.182]) by timmay.hpl.hp.com (8.13.2/8.13.2) with ESMTP id k4NBot7p006811 for ; Tue, 23 May 2006 12:50:55 +0100 (BST) Message-ID: <4472F71F.1080406@apache.org> Date: Tue, 23 May 2006 12:50:55 +0100 From: Steve Loughran User-Agent: Thunderbird 1.5.0.2 (X11/20060420) MIME-Version: 1.0 To: Ant Users List Subject: Re: Proper Property File References: <447250E1.7050900@gmx.de> In-Reply-To: <447250E1.7050900@gmx.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-HPLB-IMAP-MailScanner-Information: Please contact the Helpdesk for more information X-HPLB-IMAP-MailScanner: Found to be clean X-HPLB-IMAP-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, required 5) X-Virus-Scanned: amavisd-new at kropotkin.hpl.hp.com X-Virus-Scanned: amavisd-new at hplb.hpl.hp.com X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Antoine Levy-Lambert wrote: > Hello Res, > > I think that you are doing the right thing. More exactly, I am not sure > that *the* best practice in this domain exist. As long as you have a > clear policy and you can explain it to all the stakeholders in > your development community, things are OK. > > You mention ssh passwords. I have always thought that passwords for > automated scripts are a problem. Either you have these in a file which > is not under version-control, but then you can lose it and > the build is not reproducible. Or the file is just sitting on the > file system at a location where only trusted person(s) can access it, > and it is fine for security, but not for the sake of being sure that the > build > can be setup elsewhere without difficulties. Sometimes, I think it is > quite "funny" when a script user has to "key in" passwords for 10s of > different systems (database servers, application servers, ssh, LDAP, > mainframe connectivity, > ...) But it is like that. You can always keep the passwords on a USB key or some other movable device, so they become available when plugged in, and move from device to device. I dont do that, but I do encrypt the bit of the filesystem they live in, with an encryption key that is kept in the laptop's TPM. No login, no data. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@ant.apache.org For additional commands, e-mail: user-help@ant.apache.org