Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature]: Relax the requirements for the dotnetfoundation user #10187

Open
glennawatson opened this issue Sep 18, 2024 · 0 comments · May be fixed by NuGet/Home#13792
Open

[Feature]: Relax the requirements for the dotnetfoundation user #10187

glennawatson opened this issue Sep 18, 2024 · 0 comments · May be fixed by NuGet/Home#13792

Comments

@glennawatson
Copy link

Related Problem

the @dotnetfoundation user has special rules that don't allow other owners of packages to control the author signing of a package. The .NET Foundation board and project committee would like to relax that requirement so that users only have to have valid signing certificates from a trusted root authority

The Elevator Pitch

Get rid of the problematic rules that are limiting our users from maintaining their packages. The current restrictions are causing users to remove the dotnetfoundation as an owner of the package so they can provide their own signing certificates. Having packages in the foundation signed gives some assurance to our users but allows our maintainers flexibility to sign as needed.

Additional Context and Details

Has been a pain to test azure trusted signing for the foundation. I hit this limitation with sign users myself and had to remove the dotnetfoundation owner and add myself as owner to allow tests to proceed.

I know other project leads have removed the foundation owner themselves to let them do their own signing.

Some maintainers are doing it since they want a fully linux approach for example and the current requirements doesn't give them flexibility.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants