Skip to content

[release/5.0] Remove the certificate allowlist for nupkg verification. #6595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
1 commit merged into from
Nov 19, 2020
Merged

[release/5.0] Remove the certificate allowlist for nupkg verification. #6595

1 commit merged into from
Nov 19, 2020

Conversation

@riarenas
Copy link
Contributor

@riarenas riarenas commented Nov 19, 2020

Description

release/5.0 port of #6593 to unblock signing validation

Customer Impact

signing validation jobs will fail

Regression

No, a cert update + not knowing a lot about this particular allowlist came back to bite us when a new certificate came into play

Risk

Low. This removes some extra validation that NuGet confirmed is not necessary, and a test build of arcade master succeeded with the same change: https://dev.azure.com/dnceng/internal/_build/results?buildId=892591&view=results

Workarounds

repositories can disable signing validation altogether, which would be dangerous

@riarenas riarenas added the auto-merge Automatically merge PR once CI passes. label Nov 19, 2020
@ghost
Copy link

ghost commented Nov 19, 2020

Hello @riarenas!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@ghost ghost merged commit 66928ea into dotnet:release/5.0 Nov 19, 2020
@riarenas riarenas deleted the riarenas/remove-cert-allow-list-50 branch January 13, 2021 20:47
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mmitche mmitche mmitche approved these changes

@markwilkie markwilkie Awaiting requested review from markwilkie

Assignees

No one assigned

Labels

auto-merge Automatically merge PR once CI passes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@riarenas @mmitche