The NuGet Blog

The latest news, updates, and insights from the NuGet team

NuGet.org - The NuGet Blog

NuGet.org starts repo-signing packages

August 10, 2018 Aug 10, 2018 08/10/18
Rido
In May, we implemented Stage 1 and enabled support for any NuGet.org user to submit signed packages to NuGet.org. Today, we are announcing Stage 2 of our NuGet package signing journey - tamper proofing the entire package dependency graph. What is a Repository Signature? A repository signature is a code signing signature produced with an X....

Introducing signed package submissions to NuGet.org

May 22, 2018 May 22, 2018 05/22/18
Rido
In September 2017, we announced our plans to improve the security of the NuGet ecosystem by introducing the ability for package authors to sign packages. Today, we want to announce support for any NuGet.org user to submit signed packages to NuGet.org. A signed NuGet package is designed to be fully compatible with pre-existing NuGet servers ...

NuGet.org will only support MSA/AAD starting June 1st, 2018

May 15, 2018 May 15, 2018 05/15/18
Anand Gaurav
We had previously announced the deprecation of NuGet.org's home-grown authentication in favor of Microsoft accounts (MSA) that will allow us to add support for additional security systems such as two-factor authentication (2FA). We will be disabling the NuGet.org's home-grown authentication mechanism starting June 1st, 2018. This means that ...

Organizations on NuGet.org

April 17, 2018 Apr 17, 2018 04/17/18
Anand Gaurav
We are happy to announce support for Organizations on NuGet.org. This will help businesses and open-source projects collaborate on packages using a single nuget.org identity. Why organizations? NuGet.org used to allow you to create an account and publish packages through that account with little support to manage and publish packages as a ...

Incident report – NuGet.org downtime on March 22, 2018

March 22, 2018 Mar 22, 2018 03/22/18
Svetlana Kofman
We did this blog post to report about the incident that happened on March 22, 2018. In the last couple of days we digged deeper into the incident. Here is the summary of our findings and proposed next steps. Customer Impact NuGet.org website and V2 APIs were unavailable for 2 hours on March 22, 2018 between 8:45AM - 11:30AM UTC. More than 1....

Deprecating NuGet.org authentication

February 27, 2018 Feb 27, 2018 02/27/18
Anand Gaurav
As announced in our NuGet Fall 2017 Roadmap blog post, we are transitioning away from NuGet.org’s home-grown authentication mechanism which will eventually allow us to add support for additional security systems such as two-factor authentication (2-FA). In preparation for this transition, we had already added support for Microsoft accounts (...

NuGet.org package publishing workflow – behind the scenes

February 1, 2018 Feb 1, 2018 02/1/18
Anand Gaurav
In December 2017, we changed the NuGet.org backend publishing pipeline to introduce a set of validation steps for submitted packages. Our goal is to maintain the same level of experience in terms of the time and effort it would take to publish a package and have it available for download. However, these new validation steps caused a few ...

Changes to NuGet.org service management, and performance improvements in China

September 7, 2017 Sep 7, 2017 09/7/17
Karan Nandwani
NuGet.org, the package manager for .NET, was purpose-built as a global service with high scale performance regardless of the developer’s location. We are finding that this is not always the case, particularly for developers accessing the service from China, which is the second largest region for .NET developers. They frequently face higher ...

NuGet.org Gets a Facelift

July 18, 2017 Jul 18, 2017 07/18/17
Jon Chu
It’s been a long time coming, and today we are excited to announce some big changes coming to NuGet.org. With almost 3 million monthly page views, NuGet.org is the gateway for .NET developers to find packages that accelerate their projects. However, as a package management website, so much more can be done. We decided to give NuGet.org a ...

NuGet Package Identity and Trust

April 17, 2017 Apr 17, 2017 04/17/17
Daniel Jacobson
Update on 10/16/2017: Package ID Prefix Reservation is now live. The documentation can be found here. We want to start this post with a huge thanks to you, the NuGet community. Over the last several months we have been talking to many of you to get feedback on NuGet package identity and trust. We’ve learned so much from you and we hope that...