arcade-services icon indicating copy to clipboard operation
arcade-services copied to clipboard
verified publisher icon dotnet

Post build signing removal in release branches

Open mmitche opened this issue 3 years ago • 1 comments

  • [ ] This issue is blocking
  • [ ] This issue is causing unreasonable pain

Post-build signing should be turned off for 6.0 (and 7.0+). It complicates the process quite a lot and adds a number of corner cases to the build process that are difficult to resolve. It should be turned off and replaced by in-build signing. However, we should not turn on in-build signing except in release branches. To do so:

Ideally start with 7.0 and backport.

  • [ ] We need to verify that we can build an in-build signed stack. What may have changed since PB signing was turned on?
    • Workloads?
    • Signing changes in a repo?
  • [ ] Verify that in build and post-build produce the same results
  • [ ] Ideally, block in-build signing except based on branch
  • [ ] Bring changes for servicing.

mmitche avatar May 03 '22 19:05 mmitche

@mmitche this will be basically resolved by UB, right?

premun avatar Nov 25 '24 12:11 premun