Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signing: Enable ClientPolicies to require use of a set of Trusted Authors and Repos listed in NuGet.Config #6961

Closed
7 tasks done
PatoBeltran opened this issue May 21, 2018 · 2 comments
Closed
7 tasks done

Signing: Enable ClientPolicies to require use of a set of Trusted Authors and Repos listed in NuGet.Config #6961

PatoBeltran opened this issue May 21, 2018 · 2 comments
Assignees
@PatoBeltran
Labels
Epic Functionality:Signing
Milestone
4.9.0

Comments

@PatoBeltran
Copy link

PatoBeltran commented May 21, 2018
edited
Loading

This issue is to track implementation of the feature designed in https://github.com/NuGet/Home/wiki/%5BSpec%5D-NuGet-Config-schema-changes-to-enable-trusted-signers

This is a first step feature to add support for client policies. This issue is tracking the following work:

  • Read and parse correctly trusted signers from nuget.config
  • Pass down settings from nuget.config to verification API through extraction and verify command.
  • Use nuget.config settings in the verification pipeline as an input and use it to verify the package.
  • Refactor AllowListVerificationProvider to receive only one allowList.
  • Add support for allowUntrustedRoot by using that flag in verify API
  • Forbid large package downloads when on require client policy.
  • Improve error messages - Signing: improve signing related error messages #6906
@PatoBeltran PatoBeltran added this to the 4.8 milestone May 21, 2018
@PatoBeltran PatoBeltran self-assigned this May 21, 2018
@PatoBeltran PatoBeltran changed the title Being implementation on NuGet Package Signing Client Policies Begin implementation on NuGet Package Signing Client Policies Jun 15, 2018
@PatoBeltran PatoBeltran changed the title Begin implementation on NuGet Package Signing Client Policies Add support for trusted signers Jun 20, 2018
@nkolev92 nkolev92 mentioned this issue Jul 9, 2018
Merged
@rrelyea rrelyea modified the milestones: 4.8, 4.9 Jul 12, 2018
@rrelyea rrelyea changed the title Add support for trusted signers Enable ClientPolicies to be set via NuGet.Config to require use of a set of Trusted Authors and Repos Sep 7, 2018
@rrelyea rrelyea changed the title Enable ClientPolicies to be set via NuGet.Config to require use of a set of Trusted Authors and Repos Signing: Enable ClientPolicies to require use of a set of Trusted Authors and Repos listed in NuGet.Config Sep 7, 2018
This was referenced Sep 18, 2018
Closed
Merged
Merged
@jainaashish
Copy link
Contributor

Can you link this issue to the right spec?

This was referenced Sep 27, 2018
Merged
Merged
@PatoBeltran PatoBeltran mentioned this issue Oct 8, 2018
Merged
@PatoBeltran PatoBeltran mentioned this issue Oct 15, 2018
Closed
@PatoBeltran
Copy link
Author

Closing this issue since the work is done and merged into 15.9 and the missing work for the CLI gesture is being tracked by #7480

@rrelyea rrelyea added the Epic label Nov 26, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@PatoBeltran PatoBeltran

Labels
Epic Functionality:Signing
Projects
None yet
Milestone
4.9.0
Development

No branches or pull requests
3 participants
@PatoBeltran @rrelyea @jainaashish