[CSHARP-3471] Investigate Nuget Package Signing Created: 11/Mar/21  Updated: 20/Dec/22

Status: Backlog
Project: C# Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Esha Bhargava Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on CSHARP-3200 Release on Evergreen Closed
Related
is related to CSHARP-3050 Sign Driver releases Backlog
Case:

 Description   

In 2018 Microsoft introduced the ability to sign NuGet packages, which allows consumers of those packages to verify package integrity and authenticity. (This is separate from strong-naming of assemblies.) More information can be found in the announcement including code signing certificate requirements, certificate registration with NuGet, and how sign a NuGet package.

https://devblogs.microsoft.com/nuget/introducing-signed-package-submissions/

The actual work of automating NuGet package signing will be done in CSHARP-3050. This ticket will investigate and prototype signing of our NuGet packages to ensure that we have the correct type of code signing certificate, determine if we will use author signatures or repository signatures, and iron out any other details required in the signing process.


Generated at Wed Feb 07 21:45:22 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.