TC exposes artifacts to users that has access to the project that has generated the artifact.
In order for our OD to be able to pull packages from a TeamCity nuget feed the configuration must supply credentials to TC.
With nuget feed configuration being global there is no way I can prevent one project from accessing the artifacts from another project.
In addition to the global set of shared nuget feeds, each project should have its own set of private feeds.
Thanks for using Octopus. I agree that the current global nature of feeds in Octopus causes a few issues.
You could use our built-in NuGet repository in Octopus 2.3, and instead of having Octopus pull from TeamCity, have TeamCity push the packages to Octopus. In 2.4 we’ll be tightening the security around this - teams will only be able to push packages that are used by projects that they have access to unless they are administrators.
The suggestion has merit for external feeds though - I’ve moved it to UserVoice to allow people to vote on it: