Update InsecureConnectionsDisableCertificateValidation.md

NuGet · Jul 5, 2023 · ac74ed1 · ac74ed1
1 parent 5f15784
commit ac74ed1
Showing 1 changed file with 14 additions and 12 deletions.
diff --git a/proposed/2023/InsecureConnectionsDisableCertificateValidation.md b/proposed/2023/InsecureConnectionsDisableCertificateValidation.md
@@ -32,18 +32,6 @@ With this feedback in mind, we would like to ensure that we have a generally agr
 
 There will be multiple ways to opt-out of these two functionalities described above.
 
-#### Global NuGet.config
-
-A developer may choose to want a global setting applied to all sources in which they may allow insecure connections on any defined HTTP source and disable certificate validation on any defined HTTPS source.
-
-```
-<!-- Disables certification validation for all HTTPS sources and allows insecure connections from all  HTTP sources -->
-<config>
-    <add key="allowInsecureConnections" value="true" />
-    <add key="disableCertificateValidation" value="true" />
-</config>
-```
-
 #### Package Source NuGet Config
 
 A developer may have anywhere from 2+ sources defined in their projects based on recent survey data. Each package source has its own unique security requirements and a developer should have control on a per package source basis where they can apply the `disableCertificateValidation` property to a HTTPS source. If applied to a HTTP source, nothing will happen. A developer should also be able to apply the `allowInsecureConnections` property to a HTTP source. If applied to a HTTPS source, nothing will happen.
@@ -57,6 +45,20 @@ A developer may have anywhere from 2+ sources defined in their projects based on
 </packageSources>
 ```
 
+### Redacted Functional Experiences (based on community feedback)
+
+#### Global NuGet.config
+
+A developer may choose to want a global setting applied to all sources in which they may allow insecure connections on any defined HTTP source and disable certificate validation on any defined HTTPS source.
+
+```
+<!-- Disables certification validation for all HTTPS sources and allows insecure connections from all  HTTP sources -->
+<config>
+    <add key="allowInsecureConnections" value="true" />
+    <add key="disableCertificateValidation" value="true" />
+</config>
+```
+
 #### Package Source NuGet Config (Alternate) - Not ideal for UX or discoverability.
 
 In the case that additional metadata cannot be added to the `<packageSources>` children, we can invent a new section similar to previously designed features where one can specify if a package source is deemed insecure or not. This will opt-out completely out of both scenarios.