Opt-out of "HTTPs everywhere" : add an allowInsecureConnections property in NuGet.Config

[heng-liu]

We need to add an allowInsecureConnections property into packageSources section in NuGet.Config files, as below:

<!-- Allows insecure connections on a specific http source -->
<packageSources>
    <add key="Contoso" value="http://contoso.com/packages/" allowInsecureConnections="true" />
</packageSources>

Spec: https://github.com/NuGet/Home/blob/dev/proposed/2023/InsecureConnectionsDisableCertificateValidation.md#package-source-nuget-config

[0xced]

Along with this change I think a new --allowInsecureConnections option should be added to the dotnet nuget add source command.

dotnet nuget add source http://contoso.com/packages/ --name Contoso --allowInsecureConnections

should add the following source in the NuGet.config file:

<add key="Contoso" value="http://contoso.com/packages/" allowInsecureConnections="true" />

[kaatula]

Along with this change I think a new --allowInsecureConnections option should be added to the dotnet nuget add source command.

dotnet nuget add source http://contoso.com/packages/ --name Contoso --allowInsecureConnections

Has the team considered this suggestion?

I need this command-line argument for my docker build pipeline.