Vote: Signing Resource Modules

[andikrueger]

Running DSC via the ARM Template extension offers great flexibility for automated setups. By default the execution policy on Windows 10 prevents the execution of not signed scripts. This will lead to workarounds lowering the default security settings. E.g. see this issue: https://github.com/PowerShell/ComputerManagementDsc/issues/199

Are there any plans to sign the DSC Resources?

CC: @PlagueHO

[PlagueHO]

Tagging @mgreenegit and @kwirkykat . Does the Azure DSC Extension configure Windows 10 VMs in Azure to allow unsigned DSC Resources (e.g. the DSC Resource Kit) to be used?

[PlagueHO]

Hi @andikrueger - sorry we haven't got a clear answer on this one. I'll try and make sure I bring this up at the next community call. It would be good if the Azure DSC extension helps us with this.

[stale[bot]]

This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g bug, enhancement, documentation, or tests) then the issue will not auto-close.

[andikrueger]

I totally forgot about this issue and if I’m not mistaken we did miss it on the last community call as well. Hope we will talk about signing on the next call or any way on how to get around:-)

[gaelcolas]

Hi @andikrueger, I discussed it offline with Katie and there are no limitations we know of that would get in the way... The problem is that it needs some efforts to implement it within the release pipeline in place, and that does not seem like a top priority (relative to other tasks, and with limited resources).

It is worth reminding you (all) that it would only apply to the Resource Modules owned, released, published by Microsoft, which is a limited number.

I've added 👍 and 👎 at the top to allow people to show their interests.