New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Code Signing Certificate Request: Nerdbank.GitVersioning #56
Comments
@AArnott on the certificate subject, do you want it to say |
I have several other projects I'd like to use this on. So Nerdbank (or my full name) would be preferable. |
@ChrisSfanos can you please use |
Trade name has been registered |
Andrew, I just invited you to the shared LastPass where the cert is setup and configured. Three things:
I'm happy to review any PR's/pipelines |
Thanks. |
Is it kosher to use this signing cert for my other projects that aren't part of the .NET Foundation? |
It's probably not the best idea as the cert belongs to the "Nerdbank" Foundation project. One option could be to transfer the other project to the Foundation. ReactiveUI has a bunch of libraries (like Refit, Splat, Punchcard, and Akavache) that are all pretty much handled by the same team. Other projects do something similar (like Castle). |
OK, I'll avoid over-using the cert then. I have other software like Nerdbank.Streams. The popularity is certainly not at the level of Nerdbank.GitVersioning, so I assume it's not a dotnetfoundation project candidate. But I'd be happy to learn otherwise. |
How can I get the (public) .cer file for this certificate? nuget.org is rejecting a push of a signed package until I first upload this file. |
Add |
Where is this certificate viewer you mention? What do I export the .cer file from? A file that is already signed? |
any file that's already signed. In explorer, view the certificate and then on one of the taps there's a "copy to file...". Anther ways is in NuGet Package Explorer, click the cert there and then one of the tabs has a "copy to file..." button. |
I'm beginning to wonder if this means I can't service older versions of packages unless I also get them to be signed as well. I guess I should have based my code sign commit on my v2.x branch. I guess I can do that if I ever need to service them. |
Once NuGet has a cert attached, future submissions for it will need to be signed. The code signing commit could be cherry-picked to the 2.x branch if needed. |
Please fill in the information below
Certificate onboarding checklist:
The text was updated successfully, but these errors were encountered: