-
Notifications
You must be signed in to change notification settings - Fork 253
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dotnet nuget verify is too quiet #10316
Comments
Is this by design, rather than a bug? My understanding is that the dotnet cli is more closely following the UNIX philosophy of minimal output. I don't know if they intend the output to be so terse as to have zero output for successful commands (think mkdir, zip, unzip rm, they don't have any output when successful). However, normal verbosity looks too verbose to me for default. In my opinion, the maximum output should be 1 line per file, maybe |
Here are the reasons why I thought it is a bug.
Happy to work with PM team to improve the user experience. |
Agree on the fact that it's too quiet. I approached the command by digging through |
Customers need info about packages’ signatures (like certificate thumbprints, or server owners) to configure NuGet’s security policies. How can a customer do that on macOS or Linux? Today it’s hidden behind a verbosity flag. That said, I agree that the command’s output is verbose and could be trimmed down. |
The command is "verify", not "show signature info". So, I think it's reasonable for customers to need to explicitly set a higher verbosity, or use some other arguments. But, I have no idea how this command is being used "in real life". |
@zkat @JonDouglas Any thoughts about this issue? How about accepting the linked PR first to match |
I'm an old school unix headed person so my personal first impression is "this seems totally fine to me". My second impression is that we could just output something as simple as "X signatures successfully verified" and be done with it. |
Please keep in mind that today this command is the only way to get necessary info on macOS and Linux to configure NuGet’s security policies (example: “Hey NuGet, only restore packages that were signed by Microsoft’s certificate”). @zivkan I’d prefer a new option between your two suggestions. I wouldn’t tie this output to the verbosity level since that’s usually used for debugging. The new option would be easier to discover using “—help” too. Personally, I’d prefer to keep the full output. No one has ever complained about it being too verbose. Requiring a new option or increased verbosity seems like added complexity for little gain. Consistency across nuget.exe and dotnet CLI is also a plus. @dtivel Do you have an opinion on this? |
Details about Problem
NuGet product used: dotnet.exe
dotnet.exe --version (if appropriate): 5.0.100
Detailed repro steps so we can see the same problem
dotnet nuget verify
does not output anything by default:No output is given at all for these commands. This is unfortunate as the
verify
command's output provides useful information when configuringtrusted-signers
(see this blog post).However, command output is shown if I increase the verbosity to
normal
:The text was updated successfully, but these errors were encountered: