4Eki
Is there any way to use Nuget securely?
Visual Studio now includes a Package Manager that downloads and updates software packages from the internet. The common name for this is "Nuget"
The problem I have is that anyone can pretend to be someone else, by spoofing the owner field. This opens up a whole can of worms with regard to updates, and verifying the authenticity of every patch.
Are these valid concerns? (did I miss any?)
What technical and procedural controls can we implement to limit risk?
Is there any way to use Nuget in a secure manner?
