On 12/9/15 2:14 AM, Philipp Zumstein wrote:
> > The fact that Scaffold has become more of a community project means
> that that shouldn't really happen from Zotero's AMO account, so there
> would have to be a separate AMO account for it.
>
> Well, the source code is under
https://github.com/zotero/scaffold and
> all documentation lays under
>
https://www.zotero.org/support/dev/translators/scaffold . Thus, zotero
> provides the spaces for all parts of scaffold. Moreover, I am not sure
> if scaffold is actually working properly without Zotero installed.
Sure — I just mean that Zotero staff doesn't currently put out the
releases, and we obviously can't share access to the main Zotero AMO
account, and if there's going to be back-and-forth with Mozilla over the
code it wouldn't make sense for that to come to us.
> But I understand that you don't want to spend much time with the
> signing/review process of scaffold. Isn't there only a review of the
> addon if a new release is published? Scaffold is not really changing
> much and new releases might not happen often...
Releases have been ~1/year, which obviously isn't a big deal. If we
don't see that changing significantly, we can probably do these under
the Zotero account. The release process would need to be a bit
different: maintainers would need to tag a release and then open a
ticket and tag one of us, we'd run a script to build the XPI and submit
it to the Mozilla signing API, we'd upload the signed API to S3 and post
the download link to the ticket, and maintainers would update the
manifest with the download link and hash and then close the ticket. If
we were going to do these under our account, I'd want to make sure the
code always passed the validators [1] with no issues to reduce the
chance of having to deal with reviews.
[1]
https://github.com/mozilla/amo-validator /
https://github.com/mozilla/addons-validator