NuGet.org Archives | Page 2 of 5

Organizations on NuGet.org

Anand GauravApril 17, 2018Apr 17, 201804/17/18

We are happy to announce support for Organizations on NuGet.org. This will help businesses and open-source projects collaborate on packages using a single nuget.org identity. Why organizations? NuGet.org used to allow you to create an account and publish packages through that account with little support to manage and publish packages as a te

Incident report – NuGet.org downtime on March 22, 2018

Svetlana KofmanMarch 22, 2018Mar 22, 201803/22/18

We did this blog post to report about the incident that happened on March 22, 2018. In the last couple of days we digged deeper into the incident. Here is the summary of our findings and proposed next steps. Customer Impact NuGet.org website and V2 APIs were unavailable for 2 hours on March 22, 2018 between 8:45AM - 11:30AM UTC. More than 1.

Deprecating NuGet.org authentication

Anand GauravFebruary 27, 2018Feb 27, 201802/27/18

As announced in our NuGet Fall 2017 Roadmap blog post, we are transitioning away from NuGet.org’s home-grown authentication mechanism which will eventually allow us to add support for additional security systems such as two-factor authentication (2-FA). In preparation for this transition, we had already added support for Microsoft accounts (

NuGet.org package publishing workflow – behind the scenes

Anand GauravFebruary 1, 2018Feb 1, 201802/1/18

In December 2017, we changed the NuGet.org backend publishing pipeline to introduce a set of validation steps for submitted packages. Our goal is to maintain the same level of experience in terms of the time and effort it would take to publish a package and have it available for download. However, these new validation steps caused a few incide

Changes to NuGet.org service management, and performance improvements in China

Karan NandwaniSeptember 7, 2017Sep 7, 201709/7/17

NuGet.org, the package manager for .NET, was purpose-built as a global service with high scale performance regardless of the developer’s location. We are finding that this is not always the case, particularly for developers accessing the service from China, which is the second largest region for .NET developers. They frequently face higher d

NuGet.org Gets a Facelift

Jon ChuJuly 18, 2017Jul 18, 201707/18/17

It’s been a long time coming, and today we are excited to announce some big changes coming to NuGet.org. With almost 3 million monthly page views, NuGet.org is the gateway for .NET developers to find packages that accelerate their projects. However, as a package management website, so much more can be done. We decided to give NuGet.org a r

NuGet Package Identity and Trust

Daniel JacobsonApril 17, 2017Apr 17, 201704/17/17

Update on 10/16/2017: Package ID Prefix Reservation is now live. The documentation can be found here. We want to start this post with a huge thanks to you, the NuGet community. Over the last several months we have been talking to many of you to get feedback on NuGet package identity and trust. We’ve learned so much from you and we hope that

Introducing scoped API keys

Anand GauravFebruary 2, 2017Feb 2, 201702/2/17

Update 2/14 (05:00 PM PST): This feature is now live! Login to your nuget account and expand the API Keys section to see the new experience. Since last year, we have been working on several fronts to advance NuGet as a secure environment for package distribution. This post describes an experience that will allow you to have better control of

NuGet – Ending Windows XP support

Karan NandwaniJanuary 19, 2017Jan 19, 201701/19/17

At NuGet, we are constantly improving our security. One of the steps we are taking is to move our HTTPS end points to meet industry standards for algorithms and protocols. This means that connecting to nuget.org services from machines that don’t support modern cipher algorithms will no longer be supported (such as TLS 1.0 support in Windows

Changes to Expiring API Keys

Harikrishna MenonAugust 25, 2016Aug 25, 201608/25/16

In June, we published a blog post announcing Expiring API Keys. We received a lot of great feedback from the community about it. In retrospect, we did not do a great job explaining the motivation and reasoning for this security measure to the community. This post goes into more detail about why we introduced Expiring API Keys, the immediate

The NuGet Blog