Closed Aniruddh25 closed 1 year ago
For compliance, we are using an Azure artifacts feed as per the Central Feed Services guidelines: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/secure-supply-chain/project-artemis/central-feed-services-cfs#need-more-help
However, not everyone may have permissions to read from this azure feed. Before open sourcing, we need to find a way to let public access to this feed yet stay compliant. Need to check with how other open source repositories solve this. As per docs: https://learn.microsoft.com/en-us/azure/devops/artifacts/tutorials/share-packages-publicly?view=azure-devops public feeds cannot have upstream sources.
Nuget package has been published to nuget.org - this is no longer an issue.
nuget.org
For compliance, we are using an Azure artifacts feed as per the Central Feed Services guidelines: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/secure-supply-chain/project-artemis/central-feed-services-cfs#need-more-help
However, not everyone may have permissions to read from this azure feed. Before open sourcing, we need to find a way to let public access to this feed yet stay compliant. Need to check with how other open source repositories solve this. As per docs: https://learn.microsoft.com/en-us/azure/devops/artifacts/tutorials/share-packages-publicly?view=azure-devops public feeds cannot have upstream sources.