Related Problem
The @dotnetfoundation user has special rules that don't allow other owners of packages to control the author signing of a package. The .NET Foundation board and project committee would like to relax that requirement so that users only have to have valid signing certificates from a trusted root authority.
The Elevator Pitch
Get rid of the problematic rules that are limiting our users from maintaining their packages. The current restrictions are causing users to remove the dotnetfoundation as an owner of the package so they can provide their own signing certificates. Having packages in the foundation signed gives some assurance to our users but allows our maintainers flexibility to sign as needed.
Additional Context and Details
It has been a pain to test Azure Trusted Signing for the foundation. I hit this limitation with sign users myself and had to remove the dotnetfoundation owner and add myself as owner to allow tests to proceed.
I know other project leads have removed the foundation owner themselves to let them do their own signing.
Some maintainers are doing it since they want a fully Linux approach, for example, and the current requirements don't give them flexibility.