Context
GitHub Packages (NuGet) requires a token even for public packages — there's no anonymous access (unlike ghcr). The Nuke.* transition shims live on GitHub Packages only, because the Nuke.* IDs are owned by the original NUKE maintainer on nuget.org (#47). So a NUKE consumer migrating via the shims must add a read:packages PAT to their nuget.config — the most consumer-facing auth friction we have.
Decision (deferred — not worth it yet)
- Option A (current): accept it; document the one-line
nuget.config + PAT step. Fine for a technical transition audience.
- Option B (maybe later): re-home the shims under an org-owned ID on nuget.org (e.g.
Fallout.Shims.*) so they're anonymous/PAT-free — at the cost of the drop-in Nuke.* name (consumers change a using/package ref instead of zero-touch).
- Option C (proxy a token in front of the GH feed) — rejected, hacky.
Going with A for now. Re-evaluate B if shim-PAT friction shows up in real migration feedback.
Related: #47. Surfaced during the org/package-ownership migration.
Context
GitHub Packages (NuGet) requires a token even for public packages — there's no anonymous access (unlike ghcr). The
Nuke.*transition shims live on GitHub Packages only, because theNuke.*IDs are owned by the original NUKE maintainer on nuget.org (#47). So a NUKE consumer migrating via the shims must add aread:packagesPAT to theirnuget.config— the most consumer-facing auth friction we have.Decision (deferred — not worth it yet)
nuget.config+ PAT step. Fine for a technical transition audience.Fallout.Shims.*) so they're anonymous/PAT-free — at the cost of the drop-inNuke.*name (consumers change a using/package ref instead of zero-touch).Going with A for now. Re-evaluate B if shim-PAT friction shows up in real migration feedback.
Related: #47. Surfaced during the org/package-ownership migration.