The Elevator Pitch

Currently, NuGet.org enforces an "all or nothing" policy when it comes to package signing. This means that users must either sign all packages with a single certificate or none at all. However, there is no flexibility to allow authors to use their own valid signing certificates per package. This is restrictive for users who may wish to maintain different security policies across their packages or who have specific compliance requirements involving external certificates.

https://learn.microsoft.com/en-us/nuget/create-packages/sign-a-package#manage-signing-requirements-for-your-package-on-nugetorg
https://learn.microsoft.com/en-us/nuget/reference/signed-packages-reference

Introduce support for a "bring your own" valid author certificate policy where developers can sign individual packages with different certificates if required. This would allow more flexibility in managing security policies across multiple packages.
Another way to think of this ask would be to allow owners on NuGet.org to enforce an author signature requirement which allows other owners to bring their own certificate.