Closed torbenkeller closed 5 months ago
Hello @torbenkeller,
I am not confident that the benefits of auto-publishing the package would balance the slightly looser security. Keeping the process semi-manual ensures I can verify nothing malicious gets published, intentionally or not. Since this package should not require frequent updates, I would rather disagree with the idea...
An intermediate approach would be to transfer this repo to an enterprise account, to protect tags to prevent direct publication, but this would defeat the purpose of allowing you (which I suppose is the goal here :)) to easily maintain this package?
What do you think?
Hey @GaspardMerten,
I understand your concern about security. You don't know me. But if you have enough trust in me that I don't push and merge malicious code, then the automation would reduce your workload and I can decide without asking you to release a new version. Or maybe in the future you lose interest in maintaining, then I can still release new versions.
As far as I know, you can also protect the creation of tags in the repository in the free version. This would protect the package against unintended releases. Also, the automation would always release master, and on master there should be no malicious code.
It would be awesome if, when a new version is ready, an action publishes it automatically. How to set it up can be found here: https://dart.dev/tools/pub/automated-publishing
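For reference, this is the shape of the tag-triggered publishing workflow described in the dart.dev page linked above, written out here as an added example rather than something from this repository. It assumes the package maintainer has enabled automated publishing for the package on pub.dev (pointing it at this repository with a matching tag pattern) and that the `v*.*.*` tag pattern is protected in the repository settings so only maintainers can create such tags. The reusable workflow path `dart-lang/setup-dart/.github/workflows/publish.yml` is the one the dart.dev guide uses; the version tag `@v1` is an assumption for this example.

```yaml
# .github/workflows/publish.yml (added example; assumes pub.dev automated
# publishing is enabled for this repo and the v*.*.* tag pattern is protected)
name: Publish to pub.dev

on:
  push:
    tags:
      # Only tags matching a strict semver pattern trigger a publish.
      # Combined with a tag protection rule, this means only people who are
      # allowed to create such tags can cause a release; ordinary pushes to
      # master do not publish anything.
      - 'v[0-9]+.[0-9]+.[0-9]+'

jobs:
  publish:
    permissions:
      # The reusable workflow exchanges a GitHub OIDC token for a short-lived
      # pub.dev publishing credential, so no long-lived pub token is stored
      # in repository secrets.
      id-token: write
    # Reusable workflow from the Dart team (reference path per dart.dev docs;
    # the @v1 ref is an assumption here). In production, pin to a full commit
    # SHA rather than a moving tag so a compromised upstream tag cannot
    # change what runs with your publishing credential.
    uses: dart-lang/setup-dart/.github/workflows/publish.yml@v1
```

The security trade-off discussed in the thread maps directly onto two settings outside this file: the tag protection rule decides who can trigger the workflow, and the pub.dev automated-publishing configuration decides which repository and tag pattern pub.dev will accept a token from. Reviewing the release is then a matter of reviewing who can create a matching tag and what commit it points at, rather than who holds a shared publishing secret.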