Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-3471

Investigate Nuget Package Signing

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None

    Description

      In 2018 Microsoft introduced the ability to sign NuGet packages, which allows consumers of those packages to verify package integrity and authenticity. (This is separate from strong-naming of assemblies.) More information can be found in the announcement including code signing certificate requirements, certificate registration with NuGet, and how sign a NuGet package.

      https://devblogs.microsoft.com/nuget/introducing-signed-package-submissions/

      The actual work of automating NuGet package signing will be done in CSHARP-3050. This ticket will investigate and prototype signing of our NuGet packages to ensure that we have the correct type of code signing certificate, determine if we will use author signatures or repository signatures, and iron out any other details required in the signing process.

      Attachments

        Activity

          People

            Unassigned Unassigned
            esha.bhargava@mongodb.com Esha Bhargava
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: