[Feature]: Relax the requirements for the dotnetfoundation user #10187

Open
NuGet/Home
#13792
@glennawatson

Description


Related Problem

The @dotnetfoundation user has special rules that don't allow other owners of packages to control the author signing of a package. The .NET Foundation board and project committee would like to relax that requirement so that users only have to have valid signing certificates from a trusted root authority.

The Elevator Pitch

Get rid of the problematic rules that are limiting our users from maintaining their packages. The current restrictions are causing users to remove the dotnetfoundation as an owner of the package so they can provide their own signing certificates. Having packages in the foundation signed gives some assurance to our users but allows our maintainers flexibility to sign as needed.

Additional Context and Details

It has been a pain to test Azure Trusted Signing for the foundation. I hit this limitation with sign users myself and had to remove the dotnetfoundation owner and add myself as owner to allow tests to proceed.

I know other project leads have removed the foundation owner themselves to let them do their own signing.

Some maintainers are doing it since they want a fully Linux approach, for example, and the current requirements don't give them flexibility.
