[NuGet.org Bug]: Package validation failure emails use SHA1 thumbprints not SHA256 thumbprints #10307

blowdart · 2024-12-12T12:34:01Z

It's more difficult to complete my work

nuget.org's certificate settings use SHA256 thumbprints in the display

However, the validation failure emails sent when a certificate has not been registered use SHA1 thumbprints

Create and sign a new package with a certificate that is not registered to your account
Upload it, and wait for validation to fail because the certificate is not associated with the account
Check the validation failed emails

The validation failed email uses SHA256 thumbprints, not SHA1 thumbprints

No response

No response

mariaghiondea · 2024-12-12T15:41:01Z

erdembayar · 2024-12-19T18:49:31Z

@ryuyu
Triage meeting: We assigned the issue to you since you're already working on related issue, less context switch.

blowdart added the Type:Bug label Dec 12, 2024

mariaghiondea mentioned this issue Dec 12, 2024

Replace SHA-1 fingerprints with SHA-256 fingerprints #10073

Open

erdembayar assigned ryuyu Dec 19, 2024

erdembayar modified the milestones: Sprint 2024-12, Sprint 2025-02 Dec 19, 2024

erdembayar added Area: Security Triaged labels Dec 19, 2024

Provide feedback