-
Type: Improvement
-
Resolution: Duplicate
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
-
(copied to CRM)
In 2018 Microsoft introduced the ability to sign NuGet packages, which allows consumers of those packages to verify package integrity and authenticity. (This is separate from strong-naming of assemblies.) More information can be found in the announcement including code signing certificate requirements, certificate registration with NuGet, and how sign a NuGet package.
https://devblogs.microsoft.com/nuget/introducing-signed-package-submissions/
The actual work of automating NuGet package signing will be done in CSHARP-3050. This ticket will investigate and prototype signing of our NuGet packages to ensure that we have the correct type of code signing certificate, determine if we will use author signatures or repository signatures, and iron out any other details required in the signing process.
- depends on
-
CSHARP-3200 Release on Evergreen
- Closed
- duplicates
-
CSHARP-5050 Sign release artifacts or tags with MongoDB-managed keys
- Closed
- is related to
-
EF-121 Sign EF releases
- Closed
-
VS-124 Sign Analyzer releases
- Closed
-
CSHARP-3050 Sign Driver releases
- Closed
-
ODATA-7 Sign package releases
- Closed