(In reply to Sylvestre Ledru [:sylvestre] from comment #7)
> Usually, the way to do that is to update the configure to add a check on
> this. It will notify packagers about that.
As we were adding this new OAuth key to the build system, we did a lot of digging around for "what had been done before," including talking to releng pretty extensively and close examination of similar code landings (e.g., build system support for our geoloc API key). This didn't come up.
I know we're not trying to encourage a proliferation of secret material here, but for those cases in which we don't have a choice (like this one), it would probably be a Good Thing if we had a wiki page that captured all the collected lore on Best Current Practices.
Sylvestre: You seem to have some knowledge here. Do you have enough of an understanding of what Mozilla-specific steps need to take place in these kinds of cases to take a first stab at such a page? Or were you speaking about project behavior in general rather than from a Moz perspective?
(In reply to Sylvestre Ledru [:sylvestre] from comment #7)
> Usually, the way to do that is to update the configure to add a check on
> this. It will notify packagers about that.
As we were adding this new OAuth key to the build system, we did a lot of digging around for "what had been done before," including talking to releng pretty extensively and close examination of similar code landings (e.g., build system support for our geoloc API key). This didn't come up.
I know we're not trying to encourage a proliferation of secret material here, but for those cases in which we don't have a choice (like this one), it would probably be a Good Thing if we had a wiki page that captured all the collected lore on Best Current Practices.
Sylvestre: You seem to have some knowledge here. Do you have enough of an understanding of what Mozilla-specific steps need to take place in these kinds of cases to take a first stab at such a page? Or were you speaking about project behavior in general rather than from a Moz perspective?