Closed gathogojr closed 5 months ago
ElizabethOkerio
commented
5 months ago Verified that all the signed packages are signed
I wonder whether there's value in us continuing to package the non-signed packages to the pipeline artifacts, seems like it increases the surface area of making mistakes (e.g. deploying the wrong version of the package)?
How come the icon is not showing here or it normally doesn't show.
gathogojr
commented
5 months ago Verified that all the signed packages are signed
I wonder whether there's value in us continuing to package the non-signed packages to the pipeline artifacts, seems like it increases the surface area of making mistakes (e.g. deploying the wrong version of the package)?
How come the icon is not showing here or it normally doesn't show.
It appears like that even in old versions of the VSIX
This pull request replaces the legacy SignClient tool for signing the VSIX and the CLI with the new Sign CLI tool Sign CLI tool doesn't use client secret. It relies on the newly created "Code Signing" service connection.