The http removal will break private NuGet servers (NU1803 warning)

[peymanr34]

I completely support the effort to force users to use https, however I'm concerned about not being able to use private NuGet servers (such as BaGet) on my local machine since:

In November 2024, we will throw an error when a non-HTTPS source is used. You will not be able to opt-out of this behavior. https://devblogs.microsoft.com/nuget/https-everywhere

Please consider keeping the opt-out option permanently or suggest an alternative solution.

[nkolev92]

@peymanr34

NU1803 is a warning. It is likely that your project is elevating it to an error.

[erdembayar]

Do we dup to #12013?

[peymanr34]

@nkolev92

NU1803 is a warning. It is likely that your project is elevating it to an error.

Yes, I'm well aware that currently it's a warning but it will become an error in the future (Nov 2024) without an option to opt-out.

[nkolev92]

@nkolev92

NU1803 is a warning. It is likely that your project is elevating it to an error.

Yes, I'm well aware that currently it's a warning but it will become an error in the future (Nov 2024) without an option to opt-out.

My bad, I misread it because of the title.

Do you mind tweaking the title to something that indicates that this issue is about the complete removal of non-https feeds?

I can take a stab at it if you'd like me to.

[peymanr34]

My bad, I misread it because of the title.

Do you mind tweaking the title to something that indicates that this issue about the complete removal of non-https feeds?

I can take a stab at it if you'd like me to.

Sorry about that, please kindly do so.

[timmydo]

Should this throw when the hostname is localhost?

[mika76]

Totally agree with this - we have a totally private nuget server which does not even connect to the internet so please don't make me have to secure it for no reason. This should be an operational decision and not something a tool forces on you.